Fortinet black logo

Cookbook

Editing the SSL inspection profile

Copy Link
Copy Doc ID a4a06ec3-12a7-11e9-b86b-00505692583a:537083
Download PDF

Editing the SSL inspection profile

  1. To use your certificate in an SSL inspection profile go to Security Profiles > SSL/SSH Inspection. Use the dropdown menu in the top right corner to select deep-inspection.

  2. The deep-inspection profile is read-only. To use the CA-signed certificate for SSL inspection, you must clone the deep-inspection profile and configure the new profile to use your certificate. To clone an existing profile, select the Clone icon (one page behind another) and enter a new name when prompted. In this example, the name of the profile is custom-deep-inspection.

  3. Set CA Certificate to use the new certificate.

  4. Verify that SSL inspection is applied to your policy that controls traffic to the Internet. You must also apply at least one other security profile to that policy in order to implement SSL inspection. In this example, we apply antivirus.

Editing the SSL inspection profile

  1. To use your certificate in an SSL inspection profile go to Security Profiles > SSL/SSH Inspection. Use the dropdown menu in the top right corner to select deep-inspection.

  2. The deep-inspection profile is read-only. To use the CA-signed certificate for SSL inspection, you must clone the deep-inspection profile and configure the new profile to use your certificate. To clone an existing profile, select the Clone icon (one page behind another) and enter a new name when prompted. In this example, the name of the profile is custom-deep-inspection.

  3. Set CA Certificate to use the new certificate.

  4. Verify that SSL inspection is applied to your policy that controls traffic to the Internet. You must also apply at least one other security profile to that policy in order to implement SSL inspection. In this example, we apply antivirus.