Fortinet black logo

New Features

6.2.0
7.4.0
7.2.0
7.0.0
6.4.0
6.2.0

SSL offload/sandwich mode  6.2.1

SSL offload/sandwich mode 6.2.1

In SSL offload/sandwich mode, a decode device receives SSL connections and decrypts the traffic, then sends HTTP (non SSL) traffic to the FortiGate for NGFW/UTM inspection. If the session needs to be blocked and a replacements message displayed, the FortiGate delivers the message directly back to the client over HTTPS.

The following CLI command has been added per VDOM:

config authentication setting
    set rewrite-https-port <port>
    ....
end

This example sets the HTTPS rewrite port to 8080:

config authentication setting
    set active-auth-scheme ''
    set sso-auth-scheme ''
    set captive-portal-type fqdn
    set captive-portal ''
    set captive-portal6 ''
    set captive-portal-port 7830
    set auth-https enable
    set captive-portal-ssl-port 7831
    set rewrite-https-port 8080
end
Previous
Next

SSL offload/sandwich mode 6.2.1

In SSL offload/sandwich mode, a decode device receives SSL connections and decrypts the traffic, then sends HTTP (non SSL) traffic to the FortiGate for NGFW/UTM inspection. If the session needs to be blocked and a replacements message displayed, the FortiGate delivers the message directly back to the client over HTTPS.

The following CLI command has been added per VDOM:

config authentication setting
    set rewrite-https-port <port>
    ....
end

This example sets the HTTPS rewrite port to 8080:

config authentication setting
    set active-auth-scheme ''
    set sso-auth-scheme ''
    set captive-portal-type fqdn
    set captive-portal ''
    set captive-portal6 ''
    set captive-portal-port 7830
    set auth-https enable
    set captive-portal-ssl-port 7831
    set rewrite-https-port 8080
end
Previous
Next