Comments:
Audio has been fine all along...
Even if the internal computers trust the certificate installed on the fortigate, I still experience a lot of issues where deep inspection will not work with certain secured sites. Can you comment on this? I think it may have to do with the fact that these sites send back their cert to the browser behind the firewall (may be called pinning?), so it knows traffic has been intercepted (because the ‘true’ cert is different from the one installed on the fortigate). I really would appreciate some more expert info on these issues, because I’m struggling with it. Thanks for all the excellent info!
Thanks for the video. I do feel like the audio was better in this video :)
Question about the cert that the fortigate uses for SSL inspection: I also have a fortiwifi at home (60e). Are there any security concerns regarding just manually installing the cert that the firewall comes with on the various machines I have at home and using that cert for the SSL inspection policy?
Good explanation. Have just set up the exact same solution.
Hello, I would like to thank you for the knowledge sharing and your video. It is great. One question on the SSL cert.
If I used my certificate that I bought from DigiCert, do I have to install anything on the client devices?
Sir, I'm new to this. Can the Fortinet firewall block downloads for end users, like .exe files, etc.?
Do you have contact info somewhere? I'd like to try to set up our FGT30E to "terminate" an incoming TLS request and then port forward that to another server on our intranet.
If that is possible, it would be an easier solution than having the target server implement TLS itself. A reference to a consultant would suffice also. The application is for a DICOM protocol request coming from a server that would have a certificate itself that is configurable, and there are AETs (Application Entity Titles) that are part of that that can be checked on the target server. It can get a little complicated, which is why I would like to be put in touch with a consultant who I would be willing to pay a fee to if we can get it set up in the best way possible. The alternatives are native TLS for the target server, or using something like Citrix, Stunnel, NGINX, etc.
The intranet is pretty secure, especially if the Fortigate would just forward the request directly to the target server over a wire, which is the way it is set up.
This is gold, thanks Mike. BTW, the audio is just fine :)
How can I check the SSL/TLS Encryption on Fortigate/Fortinet?
There was a vulnerability reported for a VPN site.
Hi, I have a Fortigate 81F at home to control the internet for the kids. Please advise how I can get certificates or do a deep SSL for my home network, as I don't have an AD directory etc. I just need to have full visibility and proper blocking for my kids' internet. Can you share some links to do that?
Could you please explain how to check the ciphers enabled on SSLVPN settings... using CLI?