Hi all, this document deals with how to exclude a URL from SSL inspection on the Fortigate firewall.
Some companies need to enable a content filter or web content filter to meet their compliance requirements. By default, most firewalls can block content and web URLs served over the HTTP protocol, while HTTPS URLs are bypassed. This is not an issue with the firewall: it cannot see the URL or the content because the traffic is SSL encrypted. So we have to use SSL inspection to see what content and URLs are transferred between the client and the website. With SSL inspection, the firewall's SSL certificate is used to decrypt the content, which is checked against the policies applied on the firewall and then sent on to the respective website depending on whether it passes or fails the firewall rule.
In certain cases we need to exclude some URLs from SSL inspection. Here we will show you how to do this.
Step 1: Log in to the firewall.
Step 2: Go to Policy and Objects.
Step 3: Select the Address and create a new address.
Choose the type as FQDN/Wildcard FQDN based on URL, sample address given below.
Step 4: Once you have created the address object, select SSL inspection from Security Profiles.
Step 5: Select your Active SSL Inspection Profile from the top right dropdown.
Step 6: There is an option called Exempt from SSL inspection. Add the created address there and save.
The excluded URL will no longer undergo SSL inspection.
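The same change from the FortiOS CLI, as an added example that is not part of the original post. The address name `exempt-example`, the FQDN `www.example.com` and the profile name `custom-deep-inspection` are placeholders; use your own address object and the SSL inspection profile that your firewall policies actually reference.

```text
# Steps 2-3: create the FQDN address object (name and FQDN are placeholders)
config firewall address
    edit "exempt-example"
        set type fqdn
        set fqdn "www.example.com"
    next
end

# Steps 4-6: add the address to the exemption list of the active
# SSL inspection profile (profile name is a placeholder)
config firewall ssl-ssh-profile
    edit "custom-deep-inspection"
        config ssl-exempt
            edit 1
                set type address
                set address "exempt-example"
            next
        end
    next
end

# Review the resulting exemption list
show firewall ssl-ssh-profile "custom-deep-inspection"
```

Traffic to an exempted address is no longer decrypted, so the content filter cannot see inside it; keep the exemption list limited to the specific hosts that need it.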
© 2019, Techrunnr. All rights reserved.