SSL inspection and Beam123 ( Fortigate v 5 patch 3)

bekjos01 · ‎08-12-2013

Hello all, There is a long time ago, i' m experiencing problem with accessing to beam123 for remote troubleshooting. When i used sssl /ssh deep inspection, it is not possible to connect. But if i desable ssl inpection, i can do it; the only problem is that the blocked https web sites can not display the remplassement message. Can some one help me?

BAJ

Dave_Hall · ‎08-12-2013

Anything preventing you from creating a firewall policy to exclude beam123 from content filtering then moving this rule up in the firewall chain so it can be triggered? You would create one or more fqdn objects for beam123 (and any other site needed for access) and use that as the target or dest address in your firewall rule.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

bekjos01 · ‎08-12-2013

Think you, I have created the objects and the policy, but it is the same issue. See the pictures please. Regards

BAJ

bekjos01 · ‎08-12-2013

The objects pictures

BAJ

Dave_Hall · ‎08-15-2013

I can' t tell from your screenshots what items are under what columns, but you will want to put your unblock fw rule above your general fw policies and any fw polices that may interfere (e.g. block) your unblock rule.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

bekjos01 · ‎08-16-2013

The rule in my pictures i sent are the first rule i.e above all others. Regards.

BAJ