Ignore AUTH TLS command for DLP 6.2.2


By default, if the FortiGate receives an AUTH TLS command (or the related PBSZ and PROT commands) before it sees any plain text traffic from a device that has already decrypted the session, it expects encrypted traffic to follow, classifies the session as an abnormal protocol, and bypasses the traffic without inspecting it.

When the ssl-offloaded option is enabled in the protocol options profile, the AUTH TLS command is ignored and the traffic is treated as plain text rather than as encrypted data.

To ignore received AUTH TLS commands:
config firewall profile-protocol-options
    edit "test"
        config ftp
            set ssl-offloaded yes
        end
        config imap
            set ssl-offloaded yes
        end
        config pop3
            set ssl-offloaded yes
        end
        config smtp
            set ssl-offloaded yes
        end
    next
end
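As an added example (not Fortinet's code), the script below parses a profile-protocol-options fragment like the one above, reports which protocols in each profile have ssl-offloaded enabled, and models the decision the text describes for a session that opens with AUTH TLS, PBSZ and PROT. The sample configuration, the command sequence and the outcome labels are constructed for illustration.

```python
import re

# Sub-tables of profile-protocol-options that carry ssl-offloaded (per the page).
PROTOCOLS = ("ftp", "imap", "pop3", "smtp")

# Constructed sample: the page's profile "test" with ssl-offloaded set only for
# ftp and smtp, so imap and pop3 stay at the default.
SAMPLE_CONFIG = """\
config firewall profile-protocol-options
    edit "test"
        config ftp
            set ssl-offloaded yes
        end
        config smtp
            set ssl-offloaded yes
        end
    next
end
"""

def parse_ssl_offloaded(config_text):
    """Return {profile: {protocol: bool}}; unset protocols default to False."""
    profiles, profile, proto = {}, None, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if profile is None:  # top level: only 'edit <name>' opens a profile
            if m := re.match(r'^edit "?([^"]+)"?$', line):
                profile = m.group(1)
                profiles[profile] = dict.fromkeys(PROTOCOLS, False)
        elif line.startswith("config "):
            name = line.split()[1]
            proto = name if name in PROTOCOLS else None
        elif line.startswith("set ssl-offloaded ") and proto:
            profiles[profile][proto] = line.split()[-1] == "yes"
        elif line == "end":
            proto = None
        elif line == "next":
            profile = None
    return profiles

def session_outcome(ssl_offloaded, commands):
    """Page's rule for commands seen before any plain-text payload: 'bypass'
    = treated as encrypted, no inspection; 'inspect' = plain text reached."""
    for cmd in commands:
        if cmd.split()[0].upper() in ("AUTH", "PBSZ", "PROT"):
            if not ssl_offloaded:
                return "bypass"
            continue  # ignored when ssl-offloaded is enabled
        return "inspect"
    return "inspect"
```

Run it against a real exported configuration to list the profiles whose ftp, imap, pop3 or smtp traffic would still be bypassed on AUTH TLS.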
