FortiGate
Article Id 191836
Description
Prior to v4.0, SSL content scanning was limited to HTTPS web filtering based on the CN field of the SSL certificate. FortiOS 4.0 performs a full AV/webfilter/spamfilter scan of HTTPS, IMAPS, POP3S and SMTPS traffic using the new SSL proxy.
  • FortiOS v3.0: only HTTPS web filtering, based on clear-text information (the certificate CN).
  • FortiOS v4.0: full AV/webfilter/spamfilter scan of HTTPS, IMAPS, POP3S and SMTPS with the new SSL proxy.
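The CN-only approach described above can be sketched as follows. This is an added illustration, not FortiOS code: the certificate dictionaries follow the layout returned by Python's `ssl.SSLSocket.getpeercert()`, and the block list, hostnames and helper names are constructed for the example. The verdict is made per certificate name; the URL path and the payload stay encrypted, which is the gap the v4.0 SSL proxy closes.

```python
# Added illustration of CN-only HTTPS filtering (the v3.0-style approach).
# Certificate dicts use the layout returned by ssl.SSLSocket.getpeercert().
# The block list and all hostnames below are constructed sample data.

BLOCKED_DOMAINS = {"blocked.example", "ads.example.net"}  # hypothetical policy


def common_name(cert):
    """Return the subject commonName from a getpeercert()-style dict, or None."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value.lower().rstrip(".")
    return None


def cn_verdict(cert, blocked=BLOCKED_DOMAINS):
    """Decide block/allow using only the clear-text certificate CN."""
    cn = common_name(cert)
    if cn is None:
        return "no-cn"  # nothing to match on; policy has to decide
    # A wildcard CN such as *.blocked.example covers the whole domain.
    name = cn[2:] if cn.startswith("*.") else cn
    labels = name.split(".")
    # Match the name itself or any parent domain, on label boundaries only.
    for i in range(len(labels)):
        if ".".join(labels[i:]) in blocked:
            return "block"
    return "allow"


def cert(cn):
    """Build a constructed sample certificate dict with the given CN."""
    return {"subject": ((("countryName", "US"),), (("commonName", cn),))}


if __name__ == "__main__":
    samples = {
        "exact match": cert("blocked.example"),
        "subdomain": cert("www.ads.example.net"),
        "wildcard": cert("*.blocked.example"),
        "unlisted host": cert("edge.cdn.example.org"),
    }
    for label, c in samples.items():
        print(f"{label:14} CN={common_name(c):22} -> {cn_verdict(c)}")
```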

Solution
Secure Sockets Layer

SSL provides:
  • SSL server authentication - allows a user to confirm a server's identity. During the SSL handshake, the server sends the client a certificate to authenticate itself. The client uses the certificate to verify the identity the certificate claims to represent.
  • SSL client authentication (optional) - allows a server to confirm a client's identity. HTTPS client authentication requires the client to possess a Public Key Certificate (PKC). If client authentication is specified, the web server authenticates the client using the client's public key certificate.
  • Encrypted communication.

SSL proxy:
  • Only available on CP6-powered FortiGates.
  • Inserts before the application proxies (HTTP, SMTP, …).
  • Creates spoofed server certificates on the fly.
  • Bypassed if the client authenticates.

SSL proxy configuration - GUI
 


See also SSL Global Settings
 
Antivirus global settings
config antivirus service imaps
config antivirus service pop3s
config antivirus service smtps
config antivirus filepattern
    edit "zip"
        set filter-type type
        set file-type zip
        set active imap smtp pop3 http ftp im nntp imaps smtps pop3s https
    next
end

Related Articles

Technical Note: FortiGate HTTPS web URL filtering and HTTPS FortiGuard web filtering