Fortinet Document Library

Version:


Table of Contents

New Features

6.2.0
Download PDF
Copy Link

Ignore AUTH TLS command for DLP  6.2.2

If the FortiGate receives an AUTH TLS (PBSZ and PROT) command before receiving plain text traffic from a decrypted device, by default, it will expect encrypted traffic, determine that the traffic belongs to an abnormal protocol, and by-pass the traffic.

When the ssl-offloaded command is enabled, the AUTH TLS command is ignored, and the traffic is treated as plain text rather than encrypted data.

To ignore received AUTH TLS commands:
config firewall profile-protocol-options
    edit "test"
        config ftp
            set ssl-offloaded yes
        end
        config imap
            set ssl-offloaded yes
        end
        config pop3
            set ssl-offloaded yes
        end
        config smtp
            set ssl-offloaded yes
        end
    next
end

Ignore AUTH TLS command for DLP  6.2.2

If the FortiGate receives an AUTH TLS (PBSZ and PROT) command before receiving plain text traffic from a decrypted device, by default, it will expect encrypted traffic, determine that the traffic belongs to an abnormal protocol, and by-pass the traffic.

When the ssl-offloaded command is enabled, the AUTH TLS command is ignored, and the traffic is treated as plain text rather than encrypted data.

To ignore received AUTH TLS commands:
config firewall profile-protocol-options
    edit "test"
        config ftp
            set ssl-offloaded yes
        end
        config imap
            set ssl-offloaded yes
        end
        config pop3
            set ssl-offloaded yes
        end
        config smtp
            set ssl-offloaded yes
        end
    next
end