Traditional security devices have the ability to inspect HTTP traffic, however, such devices cannot inspect SSL or encrypted traffic without incurring heavy CPU resources. This limitation raises concerns as the volume of the encrypted traffic is increasing and is expected to surpass the volume of unencrypted traffic. Considering the immense possibility of cyber threats propagating through encrypted traffic, it is essential that organizations configure their security devices to inspect both encrypted and unencrypted traffic.
Deploy FortiADC as an SSLi Proxy in your organization to dedicatedly decrypt SSL traffic, which can then be analyzed by a security device. Since the encryption and decryption functions are performed by the FortiADC, there is minimum latency in the network.
This document will show you how to quickly set up FortiADC as SSLi proxy. Before you begin, you must:
Have Read-Write permission for System settings.
Have the CA certificate that added to Local Certificate (optional)
Have the Security Device connected to FortiADC (SSLi proxy)