Hot!SSL deep scanning/certificate enrollment for BYOD devices

Author
Alpha7
New Member
  • Total Posts : 18
  • Scores: 2
  • Reward points: 0
  • Joined: 2014/01/13 01:36:33
  • Status: offline
2017/07/13 08:43:38 (permalink)
0

SSL deep scanning/certificate enrollment for BYOD devices

Hi
I have a requirement for a school where students should be able to download and install Fortigate SSL deep scanning certificate to their BYOD devices. Has anyone implemented SSL deep scanning for BYOD devices? if so, how did you enroll the Fortigate SSL deep scanning certificate to BYOD devices since they are not in domain?
 
Thanks
#1

5 Replies Related Threads

    RobertReynolds
    Bronze Member
    • Total Posts : 21
    • Scores: 0
    • Reward points: 0
    • Joined: 2016/06/29 21:27:23
    • Location: Sydney, Australia
    • Status: offline
    Re: SSL deep scanning/certificate enrollment for BYOD devices 2017/07/13 19:33:25 (permalink)
    0
    When I ran Fortigate's in K-12 BYOD environments we made the certificate available on a pinned topic of the School's Learning Management System (we used Moodle at the time) with instructions for Mac and PC.
     
    At another School we invested in an MDM which allowed us to package up and distribute the certificate easily enough.
     
    FortiConnect at another School allowed us to create a nice .exe package for the Certificate which was then installed as part of the on-boarding process

    I submitted a New Feature Request during the 5.6 firmware beta period around theissue of simplifying the certificate deployment in BYOD environments, which i think was added to the NFR list but not sure if it made any traction internally?
    #2
    Alpha7
    New Member
    • Total Posts : 18
    • Scores: 2
    • Reward points: 0
    • Joined: 2014/01/13 01:36:33
    • Status: offline
    Re: SSL deep scanning/certificate enrollment for BYOD devices 2017/07/23 23:24:44 (permalink)
    0
    Hi Rob
    Thanks for your suggestions. Customer has bought Forticonnect. BYOD devices will be in a specific VLAN. One of the Fortinet SE has told me that I need to use smart connect feature in Forticonnect. Have you redirected the users from Fortigate to Forticonnect to download the certificate? How did you do that? Could you please give more details of integrating Fortigate with Forticonnect and the Forticonnect feature need to be used?

    Thanks
    #3
    Alpha7
    New Member
    • Total Posts : 18
    • Scores: 2
    • Reward points: 0
    • Joined: 2014/01/13 01:36:33
    • Status: offline
    Re: SSL deep scanning/certificate enrollment for BYOD devices 2017/07/28 04:03:31 (permalink)
    0
    Has anyone else got experience on this?
    #4
    MikePruett
    Platinum Member
    • Total Posts : 644
    • Scores: 12
    • Reward points: 0
    • Joined: 2014/01/08 19:39:40
    • Location: Montgomery, Al
    • Status: online
    Re: SSL deep scanning/certificate enrollment for BYOD devices 2017/08/02 19:15:01 (permalink)
    0
    This isn't a super common deployment. I have only ever had one client do it and they took the manual route. Devices (especially iPhones) just give a really hard time on this.

    Mike Pruett
    Fortinet GURU
    #5
    Wurstsalat
    New Member
    • Total Posts : 12
    • Scores: 0
    • Reward points: 0
    • Joined: 2016/10/18 01:05:35
    • Status: offline
    Re: SSL deep scanning/certificate enrollment for BYOD devices 2017/08/03 00:21:06 (permalink)
    0
    so while they are not managed you need them to install the certificate itself.
     
    Do you use any "Disclaimer" or Login Site for the students before they can access the Internet? Place a link with short instructions on this site where the People can download the certificate to install it.
    #6
    Jump to:
    © 2017 APG vNext Commercial Version 5.5