
FortiGate Configuration

Part 1 - Create SSL/SSH Inspection Profile

Part 2 - Application Control Configuration

Part 3 - Firewall Policy Configuration

Part 1 - Create SSL/SSH Inspection Profile

  1. Log into FortiGate, go to Security Profiles > SSL/SSH Inspection.
  2. Create a new SSL/SSH inspection profile called "deep-test".
  3. In Protocol Port Mapping, enable Inspect all ports.
  4. Scroll down to SSH Inspection Options, enable SSH deep scan, click Specify and enter ssh port: 22.
  5. Scroll down to Common Options, select Allow for Invalid SSL certificates.
  6. In Common Options, enable Log SSL anomalies.
  7. The completed configuration should look like the following:

Part 2 - Application Control Configuration

  1. Go to Security Profiles > Application Control.
  2. Select default or create a new profile.
  3. Click the All Categories drop-down menu and select Monitor.
  4. Under Options, enable Allow and Log DNS Traffic and Replacement Messages for HTTP-based Applications.

Part 3 - Firewall Policy Configuration

  1. Go to Policy & Objects > Firewall Policy.
  2. Create a new policy named "Shadow-IT".
  3. Configure Security Profiles:
    1. To use access control, enable the Web Filter created with the URL filter set (if you have set up a web filter profile).
    2. Enable Application Control to allow FortiCASB to track how many cloud applications are visited.
    3. To correlate log data with FortiCASB data, make sure Application Control is enabled, then click the SSL/SSH Inspection drop-down menu and select deep-test.
  4. In Logging Options, enable Log Allowed Traffic, and select either Security Events or All Sessions.
  5. The completed configuration should look like the following:
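The three parts above are GUI steps, and a practitioner usually wants a way to verify afterwards that the FortiGate actually carries all of them (for example before opening a FortiCASB ticket about missing log data). The script below is an added example, not Fortinet's code: it reads the SSL/SSH profile, the application control list and the firewall policy over the FortiOS REST API (`/api/v2/cmdb/...`, authenticated with a REST API admin token) and reports every setting that differs from the walkthrough. The JSON attribute names (`inspect-all`, `invalid-server-cert`, `ssl-anomalies-log`, `allow-dns`, `app-replacemsg`, `logtraffic`, and so on) follow the FortiOS CLI attribute names and are assumptions to confirm against your FortiOS version, for instance with `show firewall ssl-ssh-profile` on the CLI. The sample objects at the bottom are constructed, not captured from a device, so the checks can be run offline.

```python
"""Audit a FortiGate for the FortiCASB-related settings walked through above.

Added example, not Fortinet's own code. Attribute names follow the FortiOS CLI
and are assumptions: confirm them against the FortiOS version you run.
"""
import json
import ssl
import urllib.request

SSL_PROFILE = "deep-test"
POLICY_NAME = "Shadow-IT"


def check_ssl_ssh_profile(profile: dict) -> list[str]:
    """Part 1: inspect all ports, SSH deep scan on 22, invalid certs allowed, anomalies logged."""
    findings = []
    ssl_opts = profile.get("ssl", {})
    ssh_opts = profile.get("ssh", {})
    if ssl_opts.get("inspect-all") != "deep-inspection":
        findings.append("ssl.inspect-all is not deep-inspection (Inspect all ports)")
    if ssh_opts.get("status") != "deep-inspection":
        findings.append("ssh.status is not deep-inspection (SSH deep scan)")
    # 'ports' may arrive as an int, a string, or a space-separated list of ports
    ports = str(ssh_opts.get("ports", "")).split()
    if "22" not in ports:
        findings.append("ssh.ports does not include 22")
    # Older FortiOS has a single invalid-server-cert switch; newer releases split it
    # into per-failure options such as untrusted-server-cert. Both names are assumptions.
    invalid = ssl_opts.get("invalid-server-cert", ssl_opts.get("untrusted-server-cert"))
    if invalid != "allow":
        findings.append("invalid/untrusted server certificates are not set to allow")
    if profile.get("ssl-anomalies-log") != "enable":
        findings.append("ssl-anomalies-log is not enabled")
    return findings


def check_app_control(app_list: dict) -> list[str]:
    """Part 2: all categories on Monitor, DNS allowed and logged, HTTP replacement messages on."""
    findings = []
    entries = app_list.get("entries", [])
    if not entries:
        findings.append("application list has no entries")
    for entry in entries:
        # In the CLI, 'Monitor' is action pass with logging enabled ('Allow' is pass without log)
        if entry.get("action") != "pass" or entry.get("log") != "enable":
            findings.append(f"entry {entry.get('id')} is not Monitor (action pass + log enable)")
    if "allow-dns" not in str(app_list.get("options", "")).split():
        findings.append("options does not include allow-dns (Allow and Log DNS Traffic)")
    if app_list.get("app-replacemsg") != "enable":
        findings.append("app-replacemsg is not enabled (Replacement Messages for HTTP-based Applications)")
    return findings


def check_policy(policy: dict, ssl_profile: str = SSL_PROFILE) -> list[str]:
    """Part 3: security profiles on, Application Control attached, deep-test selected, allowed traffic logged."""
    findings = []
    if policy.get("utm-status") != "enable":
        findings.append("utm-status is not enabled, so no security profiles apply")
    if not policy.get("application-list"):
        findings.append("no Application Control profile attached")
    if policy.get("ssl-ssh-profile") != ssl_profile:
        findings.append(f"ssl-ssh-profile is {policy.get('ssl-ssh-profile')!r}, expected {ssl_profile!r}")
    if policy.get("logtraffic") not in ("utm", "all"):
        findings.append("logtraffic must be utm (Security Events) or all (All Sessions)")
    return findings


def audit(profile: dict, app_list: dict, policy: dict) -> dict[str, list[str]]:
    """Run all three checks; an empty list for every part means the walkthrough is fully applied."""
    return {
        "ssl-ssh-profile": check_ssl_ssh_profile(profile),
        "application-list": check_app_control(app_list),
        "firewall-policy": check_policy(policy),
    }


def fetch_cmdb(host: str, token: str, path: str) -> dict:
    """GET one object from https://<host>/api/v2/cmdb/<path> with a REST API admin token.

    The admin certificate is verified with the system trust store; install the
    FortiGate's admin certificate there rather than disabling verification.
    """
    req = urllib.request.Request(f"https://{host}/api/v2/cmdb/{path}",
                                 headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, context=ssl.create_default_context()) as resp:
        results = json.load(resp)["results"]
    return results[0] if isinstance(results, list) else results


# Constructed sample objects in the shape the cmdb API returns (not captured from a device)
SAMPLE_PROFILE = {"name": "deep-test", "ssl": {"inspect-all": "deep-inspection", "invalid-server-cert": "allow"},
                  "ssh": {"status": "deep-inspection", "ports": 22}, "ssl-anomalies-log": "enable"}
SAMPLE_APP_LIST = {"name": "default", "options": "allow-dns", "app-replacemsg": "enable",
                   "entries": [{"id": 1, "action": "pass", "log": "enable"}]}
SAMPLE_POLICY = {"name": "Shadow-IT", "utm-status": "enable", "application-list": "default",
                 "ssl-ssh-profile": "deep-test", "logtraffic": "utm"}

if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:  # usage: python audit_forticasb.py <fortigate-host> <api-token>
        host, token = sys.argv[1:]
        report = audit(fetch_cmdb(host, token, f"firewall/ssl-ssh-profile/{SSL_PROFILE}"),
                       fetch_cmdb(host, token, "application/list/default"),
                       fetch_cmdb(host, token, f"firewall/policy?filter=name=={POLICY_NAME}"))
    else:
        report = audit(SAMPLE_PROFILE, SAMPLE_APP_LIST, SAMPLE_POLICY)
    for part, findings in report.items():
        print(part, "OK" if not findings else "; ".join(findings))
```

Run it without arguments to exercise the checks on the constructed samples, or with a host and token to audit a live unit. Two of the settings it confirms deserve a second look on the device: Allow for Invalid SSL certificates means a server presenting a bad certificate is still reached through the proxy, and Log SSL anomalies is what lets you see those cases in the logs afterwards, so keep both together rather than the first alone.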
