Fortinet Document Library

New Features

6.2.0

SSL offload/sandwich mode  6.2.1

In SSL offload/sandwich mode, a decode device receives SSL connections, decrypts the traffic, and sends the resulting HTTP (non-SSL) traffic to the FortiGate for NGFW/UTM inspection. If the session needs to be blocked and a replacement message displayed, the FortiGate delivers the message directly back to the client over HTTPS.

The following CLI command has been added per VDOM:

config authentication setting
    set rewrite-https-port <port>
    ....
end

This example sets the HTTPS rewrite port to 8080:

config authentication setting
    set active-auth-scheme ''
    set sso-auth-scheme ''
    set captive-portal-type fqdn
    set captive-portal ''
    set captive-portal6 ''
    set captive-portal-port 7830
    set auth-https enable
    set captive-portal-ssl-port 7831
    set rewrite-https-port 8080
end
