FortiGate SSL Inspection

SSL Deep Inspection prevents unwanted malicious software or proprietary data from exiting a network.

Relevance

Last Review: January 14, 2022

Product(s): Delta Methodology

Author(s): Cameron Smith

Delta

A cyberist created this article using the patented Delta Method by modernizing a typical approach.

Summary

Most outbound network traffic today is encrypted and leaves on port 443. SSL Deep Inspection prevents unwanted malicious software or proprietary data from exiting a network. Without SSL inspection, data exfiltration and user activity are largely unknown.

Requirements

  • No reboot required
  • Administrator access to the FortiGate firewall
  • FortiGate SSL certificate must be installed on each workstation
  • 15 to 30 minutes for implementation

Steps

  1. Log in to the FortiGate firewall with an administrator account
  2. On the Policy & Objects tab, create a new IPv4 policy with the following settings:
    • Incoming Interface: Internal
    • Outgoing Interface: wan1
    • Source: Desired network devices
    • Destination: All
    • Schedule: Always
    • Service: HTTP, HTTPS
    • Security Profiles: Antivirus and SSL Deep Inspection enabled
  3. Click OK to save the policy
  4. Drag the policy so that it sits directly underneath the default outbound policy.

Follow-up

Run a ShieldsUP or similar EICAR test.
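
A complementary check from a workstation, added here as an example and not part of the original article: when deep inspection is active, the firewall re-signs HTTPS certificates, so the issuer a client sees is the inspection CA rather than the site's public CA. The marker strings and both sample certificates are assumptions constructed for illustration; match them to the CA certificate actually deployed to your workstations.

```python
import socket
import ssl
import sys

# Assumption: substrings expected in the issuer of certificates re-signed by the
# firewall. Adjust to the CA certificate installed on the workstations.
INSPECTION_CA_MARKERS = ("fortinet", "fortigate")

# Constructed samples in the shape returned by SSLSocket.getpeercert().
SAMPLE_INSPECTED = {"issuer": ((("countryName", "US"),),
                               (("organizationName", "Fortinet"),),
                               (("commonName", "Fortinet_CA_SSL"),))}
SAMPLE_DIRECT = {"issuer": ((("countryName", "US"),),
                            (("organizationName", "Example Public CA"),),
                            (("commonName", "Example TLS CA 1"),))}

def issuer_fields(cert):
    """Flatten the nested issuer tuple from getpeercert() into a dict."""
    return {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}

def is_inspected(cert, markers=INSPECTION_CA_MARKERS):
    """True if the issuer organization or common name matches the inspection CA."""
    fields = issuer_fields(cert)
    text = " ".join((fields.get("organizationName", ""),
                     fields.get("commonName", ""))).lower()
    return any(marker in text for marker in markers)

def check_host(host, port=443, timeout=5.0):
    """Connect with normal verification and classify the certificate issuer."""
    context = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with context.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        # Chain did not validate against the trust store Python uses.
        return "untrusted: " + exc.verify_message
    except OSError as exc:
        return "connection failed: " + str(exc)
    return "inspected" if is_inspected(cert) else "not inspected"

if __name__ == "__main__":
    print("sample inspected:", is_inspected(SAMPLE_INSPECTED))
    print("sample direct:", is_inspected(SAMPLE_DIRECT))
    for name in sys.argv[1:]:  # live checks only for hosts given as arguments
        print(name, "->", check_host(name))
```

Run it from a workstation covered by the policy, passing hostnames as arguments. An "untrusted" result can mean the FortiGate certificate from the Requirements list is missing from the trust store that Python uses on that machine.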