Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Handbook

    Home FortiADC 7.1.2 Handbook
    7.1.2
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.6
    6.1.5
    6.1.4
    6.1.3
    6.1.2
    6.1.1
    6.1.0
    6.0.1
    6.0.0
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.3.6
    5.3.5
    5.3.4
    5.3.3
    5.3.2
    5.3.1
    5.3.0
    5.2.7

    Configuring an L2 exception list

    Configuring an L2 exception list

    In some jurisdictions, SSL interception and decryption is disfavored for some types of websites or disallowed entirely. You use the L2 Exception List configuration to define such destinations. You can leverage FortiGuard web filter categories, and you can configure a list of additional destinations.

    Before you begin:

    • You must have created a Web Filter Profile configuration that includes the web categories to exclude from SSL decryption.
    • You must have hostname or IP address details on additional destinations you want to exclude from SSL decryption.
    • You must have Read-Write permission for Load Balance settings.

    After you have created an L2 exception list configuration object, you can select it in a Layer 2 virtual server configuration.

    To configure an exception list:
    1. Go to Server Load Balance > SSL-FP Resources.
    2. Click the L2 Exception List tab.
    3. Click Create New to display the configuration editor.
    4. Complete the configuration as described in L2 exception list configuration.
    5. Save the configuration.

    L2 exception list configuration
    Settings Guidelines

    Name

    Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces. You reference this name in the profile configuration.

    Note: After you initially save the configuration, you cannot edit the name.

    Description

    A string to describe the purpose of the configuration, to help you and other administrators more easily identify its use.

    Web Filter Profile

    Select a Web Filter Profile configuration.
    Member

    Type

    How you want to define the exception:

    • Host
    • IP

    Host Pattern

    		 Specify a wildcard pattern, such as *.example.com.

    IP/Netmask

    Specify the IP address and CIDR-formatted subnet mask, separated by a forward slash, such as 192.0.2.0/24.

    Note:

    • Dotted quad formatted subnet masks are not accepted.
    • IPv6 addresses are not supported.
    Previous
    Next

    Configuring an L2 exception list

    Configuring an L2 exception list

    In some jurisdictions, SSL interception and decryption is disfavored for some types of websites or disallowed entirely. You use the L2 Exception List configuration to define such destinations. You can leverage FortiGuard web filter categories, and you can configure a list of additional destinations.

    Before you begin:

    • You must have created a Web Filter Profile configuration that includes the web categories to exclude from SSL decryption.
    • You must have hostname or IP address details on additional destinations you want to exclude from SSL decryption.
    • You must have Read-Write permission for Load Balance settings.

    After you have created an L2 exception list configuration object, you can select it in a Layer 2 virtual server configuration.

    To configure an exception list:
    1. Go to Server Load Balance > SSL-FP Resources.
    2. Click the L2 Exception List tab.
    3. Click Create New to display the configuration editor.
    4. Complete the configuration as described in L2 exception list configuration.
    5. Save the configuration.

    L2 exception list configuration
    Settings Guidelines

    Name

    Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces. You reference this name in the profile configuration.

    Note: After you initially save the configuration, you cannot edit the name.

    Description

    A string to describe the purpose of the configuration, to help you and other administrators more easily identify its use.

    Web Filter Profile

    Select a Web Filter Profile configuration.
    Member

    Type

    How you want to define the exception:

    • Host
    • IP

    Host Pattern

    		 Specify a wildcard pattern, such as *.example.com.

    IP/Netmask

    Specify the IP address and CIDR-formatted subnet mask, separated by a forward slash, such as 192.0.2.0/24.

    Note:

    • Dotted quad formatted subnet masks are not accepted.
    • IPv6 addresses are not supported.
    Previous
    Next