Friday, March 4, 2022

Fortigate SSL/TLS Inspection

SSL (TLS) deep inspection allows the FortiGate to inspect encrypted outbound (Internet-bound) traffic and apply Security Profiles (UTM). The FortiGate acts as a man-in-the-middle: it terminates the client's TLS session, inspects the decrypted traffic, re-encrypts it with a certificate signed by its own CA, and applies Security Profiles such as Antivirus, Web Filter and Application Control.


To configure SSL Inspection, go to Security Profiles > SSL/SSH Inspection.


Notice there are default inspection profiles created. Select custom-deep-inspection > click Edit (or just double-click).

Under Common Options > select Invalid SSL certificates: Allow > click OK. Note that with this option the FortiGate re-signs and passes through sessions even when the server's own certificate fails validation, so the browser no longer sees that upstream certificate error.


The next step is to enable SSL Inspection in a Firewall Policy. Go to Policy & Objects > Firewall Policy > select FG_LAN_INTERNET > click Edit (or just double-click).

Under Security Profiles > select SSL Inspection: custom-deep-inspection > click OK.


Notice there's a warning near the SSL Inspection. Hover to view it.

I tried to access https://www.cnn.com but was presented with a warning: There is a problem with this website's security certificate.

The FortiGate includes a system default SSL certificate called Fortinet_CA_SSL, which is used to re-sign server certificates during full SSL inspection. You can avoid the web browser certificate warning by downloading the Fortinet_CA_SSL certificate and installing it as a trusted root on your machine.


To download the FortiGate SSL certificate, go to System > Certificates > select Fortinet_CA_SSL > click View Details.

Click Download > Save File.

To install the Fortinet_CA_SSL in Internet Explorer, go to Tools > Internet Options > Content > Certificates.

Under Trusted Root Certificate Authorities > click Import.

Run the Certificate Import Wizard > click Next.

Browse for the Fortinet_CA_SSL.cert > click Next.

Select the default Place all certificates in the following store: Personal > click Next.

Click Finish.

Click Yes.

Click OK.

Select the newly installed Fortinet SSL certificate > click View.

I accessed https://www.cnn.com again, but this time no certificate error was presented.
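As an added check (example script, not part of the original post), the following bash script tells you whether the certificate a site presents through the firewall was re-signed by the inspection CA. It assumes openssl is installed and that the downloaded Fortinet_CA_SSL certificate has been saved as a PEM file at a path of your choosing; the hostname and file paths are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): confirm that a TLS session is
# being deep-inspected by checking whether the server certificate seen by the
# client was issued by the FortiGate's inspection CA (Fortinet_CA_SSL).
# Assumes openssl is on PATH and the exported CA is stored as a PEM file.

# Print the subject DN of the inspection CA file ($1), RFC 2253 form.
ca_subject() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'
}

# Print the issuer DN of a leaf certificate file ($1), RFC 2253 form.
leaf_issuer() {
    openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//'
}

# Return 0 when the leaf ($1) names the CA ($2) as issuer AND chains to it
# cryptographically (name match alone could be forged); 1 otherwise.
is_inspected() {
    [ "$(leaf_issuer "$1")" = "$(ca_subject "$2")" ] || return 1
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Fetch the certificate a host ($1) presents through the firewall and report
# whether it was re-signed by the inspection CA ($2). Uses the network.
check_host() {
    leaf=$(mktemp)
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -outform PEM > "$leaf"
    if is_inspected "$leaf" "$2"; then
        echo "$1: certificate re-signed by $(ca_subject "$2") (deep inspection active)"
    else
        echo "$1: certificate not issued by the inspection CA (not inspected)"
    fi
    rm -f "$leaf"
}

# Example usage (hostname and CA path are assumptions):
#   check_host www.cnn.com /path/to/Fortinet_CA_SSL.pem
```

Sites that are exempted from inspection, or reached over a path that bypasses the policy, will report as not inspected, which makes this a quick way to verify the Firewall Policy change actually applies.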

To view FortiGate logs, go to Log & Report > Forward Traffic.

Notice the log with the Application Name: SSL.

Select the SSL log > click Details.