Administration Guide

Protecting an SSL server

The Protecting SSL Server option of the SSL/SSH Inspection profile is typically applied to an inbound firewall policy for clients on the internet that access a server behind the FortiGate. FortiGate uses the server certificate of the protected server to simulate the real server, which enables FortiGate to decrypt and inspect traffic destined to the real server. Therefore, a valid server certificate must be installed on the FortiGate to enable traffic inspection.

To upload a server certificate into FortiGate and use that certificate in the SSL/SSH inspection profile:
  1. Go to System > Certificates.
  2. Select Import > Local Certificate and upload the certificate.
  3. Go to Security Profiles > SSL/SSH Inspection and edit or create a new profile.
  4. For Enable SSL Inspection of, select Protecting SSL Server.
  5. For Server Certificate, click the + and select the local certificate you imported.
  6. Click OK.

When you apply the Protecting SSL Server profile in a policy, FortiGate sends the server certificate to the client, just as the protected server does.
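One way to confirm this after the policy is in place is to compare the SHA-256 fingerprint of the certificate you imported with the one clients actually receive. This is an added example, not part of the Fortinet documentation; it assumes the imported file is PEM and holds a single certificate, and that the hostname you pass resolves to the address served by the inbound policy.

```python
"""Compare the certificate imported into FortiGate with the one clients receive."""
import hashlib
import ssl
import sys


def fingerprint(pem: str) -> str:
    """SHA-256 fingerprint of a PEM certificate, computed over its DER bytes."""
    der = ssl.PEM_cert_to_DER_cert(pem.strip())
    return hashlib.sha256(der).hexdigest()


def same_certificate(imported_pem: str, presented_pem: str) -> bool:
    """True when both PEM strings encode the identical certificate."""
    return fingerprint(imported_pem) == fingerprint(presented_pem)


def fetch_presented(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Return the leaf certificate the listener presents, as PEM.

    No chain validation is done here: the goal is only to compare bytes
    against the known-good file, not to decide whether to trust the peer.
    """
    return ssl.get_server_certificate((host, port), timeout=timeout)


def check(imported_path: str, host: str, port: int = 443) -> bool:
    """Print both fingerprints and report whether they match."""
    with open(imported_path, encoding="ascii") as fh:
        imported = fh.read()
    presented = fetch_presented(host, port)
    ok = same_certificate(imported, presented)
    print(f"imported : {fingerprint(imported)}")
    print(f"presented: {fingerprint(presented)}")
    print("MATCH" if ok else "MISMATCH: the imported certificate is not the one presented")
    return ok


if __name__ == "__main__":
    # Usage: python check_cert.py <imported-cert.pem> <public-hostname> [port]
    if len(sys.argv) < 3:
        sys.exit("usage: check_cert.py CERT.pem HOST [PORT]")
    port = int(sys.argv[3]) if len(sys.argv) > 3 else 443
    sys.exit(0 if check(sys.argv[1], sys.argv[2], port) else 1)
```

A mismatch usually means the policy is using a different inspection profile or the profile references a different local certificate than the one on the protected server.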
