![]() Set ssl-ssh-profile "certificate-inspection"Ĭonfiguration of proxy policy is straightforward, just add website you want to block : ![]() You have to enable at least certificate-inspection and http-policy-redirect (was before in proxy option in previous FortiOS version) on IPv4 policy. So if your are going to, and you have a rule blocking this website, it will not work. After enabling ssl decryption, traffic is going again in proxy engine. ![]() ![]() When Http-redirect-policy is enable through CLI, you can disable it with GUIĪs you may know, in HTTPS, domain name is transmitted in clear (hello packet) but complete URL (path and parameters) is encrypted after TCP connexion is established.įortigate is performing actions in this orderĪs you can see, if ssl decryption is not enabled, proxy will be unable to filter website. When Http-redirect-policy is disable, no button appear ![]()
0 Comments
Leave a Reply. |