FortiGate: Inbound Deep Inspection/TLS Offloading
- Published: Jul 24, 2024
- Inbound Deep Inspection is a port forwarding rule/VIP that differentiates itself by:
1) Gaining visibility into HTTPS-encrypted traffic
2) Enabling HTTPS even if HTTP is the only protocol configured on the end server
We will cover some scenarios and how to configure Inbound Deep Inspection.
0:00 Overview
0:14 VIP vs. Inbound DPI
0:47 Use Case #1
2:50 Use Case #2
3:54 Baseline Config
4:40 Import Server Certificate
6:12 SSL Profile
6:35 Virtual Server
8:58 Firewall Policy
11:38 Testing
Both content and quality are superb
Your videos are amazing, man, best I have seen
Thanks. Keep up the good work...!
Great video! Thanks.
In lieu of creating 2 HTTPS sessions (client to FW and FW to internal server), can one upload the internal server certificate on the firewall? Would this also allow the FW to decrypt traffic to the internal server? Or is it necessary for the client to connect to the FW first?
Yes, you can upload the server cert to the firewall so that the firewall can decrypt the traffic -> this is the approach taken in this video. I do not know of a way to have this type of decryption visibility inbound without the client connecting to the firewall first when we are using a port forwarding type scenario.
Good video, it helped me very well. Thanks
Around the 12:50 mark, I get a bit confused. You are editing a web filter rule on an inbound traffic policy to test (in normal circumstances) what would be incoming traffic. Did I miss something, or have I just not had enough coffee yet?
Yeah, good point. I think it was valid to prove the test, but a better use case might have been a virus upload, for example.
Does the load balance feature need a license?
No license needed