Fortinet black logo

Browser Isolation Deployment

Home FortiProxy 7.2.9 Browser Isolation Deployment
7.2.9
7.4.4
7.4.3
7.4.2
7.4.1
7.4.0
7.2.10
7.2.9
7.2.8
7.2.7
7.2.0

Installing certificates

Installing certificates

To deploy the FortiNBI, you must first install the following certificates, which can be downloaded from Certificate list under System > Certificates in the FortiProxy GUI:

  • FortiProxy CA certificate (Fortinet_CA_SSL)—This certificate is required for connection between the FNBI client system and the FortiProxy. Install the certificate in the browser on the local machine trusted root CA stores by selecting the Local Machine option.

  • FortiProxy server certificate—This certificate is defined in Proxy Settings > Web Proxy Setting > Default Server Certificate and is required for downloading the isolator image. You must configure the web proxy to use a custom certificate that you create which is signed by Fortinet_CA_SSL:

    1. Go to System > Certificates and click Create/Import > Certificate.

    2. Click Generate Certificate.

    3. Specify the certificate name.

    4. Specify the FQDN of the configured captive portal in the Common name field or specify the IP of the configured captive portal in the Subject alternative name field. Failing to do so will result in certificate errors on the client machine. You can access captive portal information in Policy & Objects > Proxy Auth Setting.

    5. Click Create.

    6. Go to Proxy Settings > Web Proxy Setting and select the certificate you just created under Default Server Certificate.

    7. After the certificate is installed, verify the trust on the client machine by downloading the isolator module manually using the following URL:

      https://<captive_portal_domain>:<captive _portal_https_port>/XX/YY/ZZ/wsl_installer

Previous
Next

Installing certificates

To deploy the FortiNBI, you must first install the following certificates, which can be downloaded from Certificate list under System > Certificates in the FortiProxy GUI:

  • FortiProxy CA certificate (Fortinet_CA_SSL)—This certificate is required for connection between the FNBI client system and the FortiProxy. Install the certificate in the browser on the local machine trusted root CA stores by selecting the Local Machine option.

  • FortiProxy server certificate—This certificate is defined in Proxy Settings > Web Proxy Setting > Default Server Certificate and is required for downloading the isolator image. You must configure the web proxy to use a custom certificate that you create which is signed by Fortinet_CA_SSL:

    1. Go to System > Certificates and click Create/Import > Certificate.

    2. Click Generate Certificate.

    3. Specify the certificate name.

    4. Specify the FQDN of the configured captive portal in the Common name field or specify the IP of the configured captive portal in the Subject alternative name field. Failing to do so will result in certificate errors on the client machine. You can access captive portal information in Policy & Objects > Proxy Auth Setting.

    5. Click Create.

    6. Go to Proxy Settings > Web Proxy Setting and select the certificate you just created under Default Server Certificate.

    7. After the certificate is installed, verify the trust on the client machine by downloading the isolator module manually using the following URL:

      https://<captive_portal_domain>:<captive _portal_https_port>/XX/YY/ZZ/wsl_installer

Previous
Next