Description
This article describes how application control handles decrypted traffic when a FortiGate is sandwiched between SSL encryption and decryption units.
Scope
FortiGate.
Solution
When a FortiGate is sandwiched between SSL encryption and decryption units, the FortiGate can process the decrypted traffic that passes between those units.
This feature adds support for decrypted traffic in application control.
Some pre-defined signatures are pre-marked with the require_ssl_di tag.
The force-inclusion-ssl-di-sigs option under the application list lets users control whether these signatures are used to inspect dissected traffic.
When this option is enabled, the IPS engine forces the pre-marked SSL-based signatures to be applied to the decrypted traffic of the respective applications.
In the following topology, SSL Proxy 1 handles the client connection and SSL Proxy 2 handles the server connection, leaving the content unencrypted as traffic passes through the FortiGate.
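The FortiOS CLI fragment below is an added example, not taken from the original article. It enables the option on an application list and applies that list to the policy carrying the cleartext traffic between the two proxies. The list name, policy ID, policy name, and interfaces port1 and port2 are hypothetical; application entries are omitted and should be defined to suit the deployment.

```text
config application list
    edit "sandwich-appctrl"
        set comment "Hypothetical list name used for this example"
        set force-inclusion-ssl-di-sigs enable
    next
end
config firewall policy
    edit 10
        set name "sslproxy1-to-sslproxy2"
        set comments "Hypothetical policy; port1 faces SSL Proxy 1, port2 faces SSL Proxy 2"
        set srcintf "port1"
        set dstintf "port2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set application-list "sandwich-appctrl"
    next
end
```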
Copyright 2024 Fortinet, Inc. All Rights Reserved.