FortiGate
jstan
Staff
Article Id 189758

Description
This article describes why the SSL offloading and HTTPS server load balancing options are missing in the GUI.
Solution

When creating a new virtual server, there are only a few options available in the GUI.

In the CLI, there are more options available. Run the following commands:

config firewall vip
    edit SSL
        set type server-load-balance
        set server-type
            http     HTTP
            https    HTTPS
            imaps    IMAPS
            pop3s    POP3S
            smtps    SMTPS
            ssl      SSL
            tcp      TCP
            udp      UDP
            ip       IP

When HTTPS load balancing is selected from the CLI, the following command to enable SSL offloading returns an error message:

set ssl-mode full
command parse error before 'ssl-mode'
Command fail. Return code -61

This is because the FortiGate inspection mode is set to flow-based inspection. With flow-based inspection, the SSL offloading option is not available.

To enable SSL offloading, change the inspection mode to proxy-based as follows:

   - In the GUI, under System > Settings.

   - In the CLI:

config system settings
    set inspection-mode proxy
end

After the inspection mode is changed to proxy-based, the SSL offloading option is available.
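A complete HTTPS virtual server with SSL offloading, as an added example that is not part of the original article. The VIP name SSL comes from the commands above; the interface, addresses, and certificate name are constructed placeholders. It is entered after the inspection mode has been changed to proxy.

```fortios
config firewall vip
    edit "SSL"
        set type server-load-balance
        set server-type https
        # Placeholder external interface, address and port (assumptions)
        set extintf "wan1"
        set extip 203.0.113.10
        set extport 443
        set ldb-method round-robin
        # full: TLS on both the client-to-FortiGate and FortiGate-to-server legs
        # half: TLS on the client side only; real servers receive plain HTTP
        set ssl-mode full
        # Placeholder name of a server certificate already imported on the unit
        set ssl-certificate "example-server-cert"
        config realservers
            # Placeholder real server addresses (assumptions)
            edit 1
                set ip 10.0.0.11
                set port 443
            next
            edit 2
                set ip 10.0.0.12
                set port 443
            next
        end
    next
end
```

With ssl-mode half, the real servers would instead listen on an unencrypted port such as 80, so traffic between the FortiGate and the servers crosses the internal network in cleartext.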
