'Reputable Websites' for SSL inspection

Author
TimB_Unbound
New Member
  • Total Posts : 7
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/06/17 09:24:23
  • Status: offline
2016/10/18 13:38:40 (permalink)
0

'Reputable Websites' for SSL inspection

What defines a reputable website? 
 
With the new Reputable Websites option in 5.4.1 I'd really like to understand what actually defines a reputable website. I understand from the documentation that it is a "secure white list database" of "reputable domain names that cain be excluded from ssl deep inspection".
 
When working with something that can potentially poke a very large hole in my security fabric I'd really like a better understanding of exactly how this works. For any Fortinet staff, if this is something proprietary a general answer would be great..
 
Although I'm looking for a general answer I'm mostly concerned with how sites that include user content are handled. 
#1
telecosistem
Bronze Member
  • Total Posts : 35
  • Scores: 0
  • Reward points: 0
  • Joined: 2016/01/24 04:33:04
  • Location: Barcelona
  • Status: offline
Re: 'Reputable Websites' for SSL inspection 2016/10/25 09:40:13 (permalink)
0
This new feature above 5.4 firmware help you to indicate a white list of websites. This database is syncrhonized through Fortiguard. On this way won't apply the SSL content for these websites.
 
Best regards,
 
Follow us: 
SSL Content - Fortinet en español.

https://networkingcontrol.../ssl-content-fortinet/
#2
TimB_Unbound
New Member
  • Total Posts : 7
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/06/17 09:24:23
  • Status: offline
Re: 'Reputable Websites' for SSL inspection 2016/11/10 08:39:14 (permalink)
0
telecosistem, thanks for the input but it doesn't really help describe what this function would allow through unencrypted.
 
A couple cases that I would have thought should have been addressed - google.com and a couple core addresses used for Skype for Business - are both still being inspected with this option enabled. 
 
We should have better understanding of the what these products are actually doing. 
#3
tmacca
New Member
  • Total Posts : 2
  • Scores: 0
  • Reward points: 0
  • Joined: 2016/11/18 07:06:12
  • Status: offline
Re: 'Reputable Websites' for SSL inspection 2016/11/18 08:33:00 (permalink)
0
+1 from me
 
I would like to know more about the 'reputable websites'
Where can I find out what sites are on this list? How is it maintained? What constitutes a 'reputable site'?
 
Thanks
 
#4
gsarica
Bronze Member
  • Total Posts : 60
  • Scores: 0
  • Reward points: 0
  • Joined: 2016/07/28 13:23:52
  • Status: offline
Re: 'Reputable Websites' for SSL inspection 2016/11/18 09:08:28 (permalink)
0
I could be wrong, but I believe it's the list in System -> Reputation. You can type in a site like www.google.com and see the reputation, maybe if it's listed as 'trusted' here it's passed through inspection?
#5
tmacca
New Member
  • Total Posts : 2
  • Scores: 0
  • Reward points: 0
  • Joined: 2016/11/18 07:06:12
  • Status: offline
Re: 'Reputable Websites' for SSL inspection 2016/11/21 01:47:52 (permalink)
0
Hi gsarica, thanks for your response
 
I can't see that menu option? (600c running 5.2.8)


Where exactly do I find this?
 
TIA 
post edited by tmacca - 2016/11/21 02:07:28
#6
gsarica
Bronze Member
  • Total Posts : 60
  • Scores: 0
  • Reward points: 0
  • Joined: 2016/07/28 13:23:52
  • Status: offline
Re: 'Reputable Websites' for SSL inspection 2016/11/28 05:47:01 (permalink)
0
Sorry we're running 5.4.2 like the OP, the option seems to be there for us. Not sure about 5.2.8.
#7
Jump to:
© 2018 APG vNext Commercial Version 5.5