What is Fortigate SSL Deep Inspection?
SSL Deep Inspection is a security feature that lets organizations examine encrypted SSL traffic for malicious activity. Fortigate SSL Deep Inspection aims to defend against threats like viruses, spyware, and phishing attempts that might be concealed within encrypted traffic.
The Fortigate firewall performs a man-in-the-middle role when SSL Deep Inspection is enabled, intercepting encrypted traffic and inspecting the contents before forwarding it to the intended recipient. The SSL traffic is first decrypted by the firewall, which also checks it for potentially harmful content. After that, it is encrypted once more and forwarded. This enables the firewall to detect threats that could be concealed within the encrypted traffic.
To increase security with SSL Deep Inspection, the following requirements must be met.
- Fortigate firmware
Ensure that your Fortigate firewall is running a firmware version that supports SSL Deep Inspection.
- SSL Inspection license
Fortigate requires a license to enable SSL Deep Inspection.
- Trusted root certificate
A trusted root certificate must be installed on the Fortigate firewall in order to enable SSL Deep Inspection. This certificate will be used to re-encrypt the traffic after inspection.
- Processing power
SSL Deep Inspection can require significant processing power, so ensure that the Fortigate firewall has enough resources to handle the increased load.
SSL Deep Inspection can also increase the amount of traffic passing through the firewall, so ensure that there is enough bandwidth to handle the increased load.
- Network configuration
The network must be configured to allow the Fortigate firewall to act as a man-in-the-middle for SSL traffic.
- Application support
SSL Deep Inspection may require additional configuration for some applications to work properly.
To be able to distribute certificates via an MDM solution, the Microsoft Intune service is required. This is already included in various licenses.
A great way to find out if the necessary licenses already exist is to use the community tool: M365 Maps.
Deploy Fortigate SSL Deep Inspection Certificate with Microsoft Intune
1. Setup an SSL/SSH Inspection Profile
First, an appropriate SSL Deep Inspection Profile must be set up on the Fortigate. It is recommended to do this according to the manufacturer’s guide.
2. Export the Fortinet_CA_SSL Certificate
Once the policy has been checked and created, the certificate can be downloaded. It is recommended to save the certificate file separately.
3. Exempt web sites from deep inspection
Some websites, services or applications do not work through SSL Deep Inspection, or do not need it. Exceptions for these must therefore be defined in advance and stored in the policy on the Fortigate.
Here, too, it is important to follow the manufacturer’s guidance.
4. Deploy Certificate via Microsoft Intune
Now a Device Configuration Policy for the rollout can be created via the Endpoint Manager Portal. Attention: After creating the policy, Windows 8.1 and later is still displayed.
When creating the policy, the certificate is uploaded and, according to the manufacturer’s page, “Computer certificate store – Root” is selected as the destination store.
The policy can now be applied to a group of computers.
5. Testing and Rollout
I would like to emphasize that the security hardening configuration takes time to complete. It requires the necessary expertise, as well as adequate planning and preparation time.
Before implementing SSL Deep Inspection in a production setting, it is crucial to test it extensively to make sure it won’t result in any unanticipated problems. To make sure the firewall has enough resources to handle the increased load, it is also crucial to regularly check its performance.
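One way to check the rollout from a Windows client during testing, as an added example that is not part of the original article or of Fortinet's or Microsoft's documentation: it confirms that the exported CA is in the machine Root store and compares the issuer each test host presents with that CA. The file path and the host names are placeholder assumptions.

```powershell
# Added example. Assumed values: the CA file path and both host lists are placeholders.
param(
    [string]$CaFile      = 'C:\Temp\Fortinet_CA_SSL.cer',  # hypothetical path of the exported CA
    [string[]]$Inspected = @('www.example.com'),           # placeholder: should be deep-inspected
    [string[]]$Exempted  = @('exempt.example.com')         # placeholder: on the exemption list
)

# Load the exported CA and check the store the Intune policy targets (Computer / Root).
$ca      = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CaFile
$inStore = Test-Path "Cert:\LocalMachine\Root\$($ca.Thumbprint)"

function Get-PresentedIssuer {
    param([string]$HostName, [int]$Port = 443)
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)
        # Accept any certificate: this only reads the issuer and sends no data over the session.
        $cb  = [System.Net.Security.RemoteCertificateValidationCallback] { param($s, $c, $ch, $e) $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $cb)
        $ssl.AuthenticateAsClient($HostName)
        $leaf = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $ssl.RemoteCertificate
        return $leaf.Issuer
    } catch {
        return $null          # connection or handshake failed
    } finally {
        $tcp.Close()
    }
}

$results = foreach ($target in ($Inspected + $Exempted)) {
    $issuer   = Get-PresentedIssuer -HostName $target
    $expected = if ($target -in $Inspected) { 'inspected' } else { 'exempt' }
    # A re-signed certificate carries the FortiGate CA's subject as its issuer.
    $observed = if (-not $issuer) {
        'no connection'
    } elseif ($issuer -eq $ca.Subject) {
        'inspected'
    } else { 'exempt' }
    [pscustomobject]@{
        Target   = $target
        Expected = $expected
        Observed = $observed
        Match    = ($expected -eq $observed)
        Issuer   = $issuer
    }
}

"CA present in LocalMachine\Root: $inStore"
$results | Format-Table -AutoSize
```

Run it on a client that has received the Intune policy and sits behind the firewall policy under test; a row where Match is False shows a host whose inspection or exemption does not behave as planned.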
In an SMB (Small and Medium-sized Business) environment, enabling SSL Deep Inspection can be important for several reasons:
- Protects against malware: By inspecting encrypted traffic, the firewall can detect and prevent malware from infiltrating the network.
- Enhances security: SSL Deep Inspection helps organizations to identify and prevent threats that might be hidden within encrypted traffic.
- Compliance: Many organizations are required to inspect encrypted traffic for compliance with various regulations and standards, such as PCI DSS.
- Improved visibility: By decrypting SSL traffic, organizations can gain better visibility into the traffic passing through their network.
In summary, enabling SSL Deep Inspection on a Fortigate firewall can provide SMB companies with a higher level of security and protection against threats that might be hidden within encrypted traffic.