Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Alpha7
New Contributor III

SSL deep scanning/certificate enrollment for BYOD devices

Hi

I have a requirement for a school where students should be able to download and install Fortigate SSL deep scanning certificate to their BYOD devices. Has anyone implemented SSL deep scanning for BYOD devices? if so, how did you enroll the Fortigate SSL deep scanning certificate to BYOD devices since they are not in domain?

 

Thanks

5 REPLIES 5
RobertReynolds
Contributor

When I ran Fortigate's in K-12 BYOD environments we made the certificate available on a pinned topic of the School's Learning Management System (we used Moodle at the time) with instructions for Mac and PC.

 

At another School we invested in an MDM which allowed us to package up and distribute the certificate easily enough.

 

FortiConnect at another School allowed us to create a nice .exe package for the Certificate which was then installed as part of the on-boarding process

I submitted a New Feature Request during the 5.6 firmware beta period around theissue of simplifying the certificate deployment in BYOD environments, which i think was added to the NFR list but not sure if it made any traction internally?

Alpha7

Hi Rob Thanks for your suggestions. Customer has bought Forticonnect. BYOD devices will be in a specific VLAN. One of the Fortinet SE has told me that I need to use smart connect feature in Forticonnect. Have you redirected the users from Fortigate to Forticonnect to download the certificate? How did you do that? Could you please give more details of integrating Fortigate with Forticonnect and the Forticonnect feature need to be used? Thanks
Alpha7
New Contributor III

Has anyone else got experience on this?

MikePruett
Valued Contributor

This isn't a super common deployment. I have only ever had one client do it and they took the manual route. Devices (especially iPhones) just give a really hard time on this.

Mike Pruett Fortinet GURU | Fortinet Training Videos
Wurstsalat
New Contributor III

so while they are not managed you need them to install the certificate itself.

 

Do you use any "Disclaimer" or Login Site for the students before they can access the Internet? Place a link with short instructions on this site where the People can download the certificate to install it.

Labels
Top Kudoed Authors