FortiGate Configuration
Part 1 - Create SSL/SSH Inspection Profile
Part 2 - Application Control Configuration
Part 3 - Firewall Policy Configuration
Part 1 - Create SSL/SSH Inspection Profile
- Log into FortiGate, go to Security Profiles > SSL/SSH Inspection.
- Create a new SSL/SSH inspection profile called "deep-test".
- In Protocol Port Mapping, enable Inspect all ports so that TLS is inspected on any port, not only the default ports for HTTPS, SMTPS, IMAPS, POP3S and FTPS.
- Scroll down to SSH Inspection Options, enable SSH deep scan, click Specify and enter SSH port 22. Note that SSH deep scan means the FortiGate terminates the SSH session and presents its own host key to the client, so users whose SSH clients have the server's key pinned in known_hosts will see a host-key mismatch warning.
- Scroll down to Common Options and select Allow for Invalid SSL certificates. This lets sessions with expired, self-signed or name-mismatched server certificates continue so they can still be inspected and logged, which is what you want for a monitoring-only profile; it also means users get no warning about bad certificates, so switch this to Block once you move from discovery to enforcement.
- In Common Options, enable Log SSL anomalies.
- Deep inspection re-signs every server certificate with the FortiGate CA (Fortinet_CA_SSL by default), so clients must trust that CA or they will get certificate errors on every HTTPS site.
The completed profile should look like the following (screenshot not reproduced here):
Part 2 - Application Control Configuration
- Go to Security Profiles > Application Control.
- Select the default profile or create a new one.
- Click the All Categories drop-down menu and select Monitor. Monitor allows the traffic but logs every application match, which is what FortiCASB needs for discovery; nothing is blocked at this stage.
- Under Options, enable Allow and Log DNS Traffic and Replacement Messages for HTTP-based Applications.
Part 3 - Firewall Policy Configuration
- Go to Policy & Objects > Firewall Policy.
- Create a new policy named "Shadow-IT".
- Configure Security Profiles:
- To use access control, enable the Web Filter profile that contains your URL filter (only if you have already set up a web filter profile).
- Enable Application Control so that FortiCASB can track how many cloud applications are visited.
- To correlate log data with FortiCASB data, make sure Application Control is enabled, then open the SSL/SSH Inspection drop-down menu and select deep-test. Without deep inspection the FortiGate only sees the TLS SNI/certificate, so many SaaS applications will be identified coarsely or not at all.
- In Logging Options, enable Log Allowed Traffic and select either Security Events or All Sessions. Security Events logs only sessions that triggered a security profile match; All Sessions logs every session, which gives FortiCASB the most complete picture of shadow IT but generates far more log volume.
The completed policy should look like the following (screenshot not reproduced here):
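For reference, the same three parts expressed as a FortiOS CLI configuration. This is an added example, not part of the original guide or Fortinet's documentation: the option names follow the FortiOS 6.0-era CLI that matches the GUI labels used above (in 6.2 and later the invalid-certificate handling moved under each protocol as `untrusted-server-cert` and `cert-validation-failure`), and the interface names `internal` and `wan1`, the web filter profile name `shadow-it-web`, and the use of a single catch-all application entry are assumptions you should adapt to your own unit.

```text
# Part 1 - SSL/SSH inspection profile "deep-test"
config firewall ssl-ssh-profile
    edit "deep-test"
        config ssl
            set inspect-all deep-inspection      # GUI: Inspect all ports
        end
        config ssh
            set ports 22                         # GUI: SSH deep scan, Specify port 22
            set status deep-inspection
        end
        set allow-invalid-server-cert enable     # GUI: Invalid SSL certificates = Allow (monitoring only; use disable to block)
        set ssl-anomalies-log enable             # GUI: Log SSL anomalies
        set caname "Fortinet_CA_SSL"             # clients must trust this CA for deep inspection to be transparent
    next
end

# Part 2 - Application Control profile set to Monitor for all categories
config application list
    edit "default"
        set options allow-dns                    # GUI: Allow and Log DNS Traffic
        set app-replacemsg enable                # GUI: Replacement Messages for HTTP-based Applications
        config entries
            edit 1                               # assumption: a single entry with no category matches all categories
                set action pass                  # GUI: Monitor = pass + log
                set log enable
            next
        end
    next
end

# Part 3 - Firewall policy "Shadow-IT" tying the profiles together
config firewall policy
    edit 0                                       # 0 = next free policy ID
        set name "Shadow-IT"
        set srcintf "internal"                   # assumption: LAN-side interface
        set dstintf "wan1"                       # assumption: Internet-facing interface
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set utm-status enable                    # turn on security profiles for this policy
        set ssl-ssh-profile "deep-test"          # required for FortiCASB log correlation
        set application-list "default"
        set webfilter-profile "shadow-it-web"    # optional; assumed name of your URL-filter web filter profile
        set logtraffic all                       # GUI: Log Allowed Traffic = All Sessions (use "utm" for Security Events)
        set nat enable
    next
end
```

Paste each block into the CLI console in order, since the policy references the two profiles by name and the FortiGate rejects a policy that points at a profile that does not exist yet. After committing, run `show firewall policy` and confirm the Shadow-IT entry lists both `ssl-ssh-profile "deep-test"` and `application-list "default"`; a policy that shows `utm-status` missing will pass traffic without inspection and FortiCASB will see no application data.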