FortiOS 5.6 - SSL Inspection Settings Greyed Out

Author
BrianV
2017/07/16 05:11:33

I've got a 60D running 5.6. I'm trying to enable some simple IPS rules like RDP brute force, FTP brute force, etc. Enabling the IPS on a policy requires adding SSL Inspection to the same policy. While I don't mind cert inspection, I don't want to do deep inspection. Granted, I'm not routing traffic through a MITM proxy on the Fortigate, all of the "deep-inspection" settings are on but entirely greyed out. I can't for the life of me figure out how to adjust any of these settings.
 
Any advice? Image attached.

#1

    BrianV
    Re: FortiOS 5.6 - SSL Inspection Settings Greyed Out 2017/07/16 05:18:03
    JFYI, I've somewhat circumvented this by enabling "Multiple Security Policies" which now at least allows me to create separate SSL inspection policies and enable them on each policy accordingly.
    #2
    hmtay_FTNT
    Re: FortiOS 5.6 - SSL Inspection Settings Greyed Out 2017/07/17 01:34:51
    Hello Brian,
     
    What you did was correct. You were trying to modify the default "deep-inspection" profile which is not allowed now in 5.6. To create a different one, you need to allow "Multiple security profiles" and create a new one.
     
    As for the question of the Fortigate forcing an SSL-Inspection profile on a policy, if you select certificate-inspection, the Fortigate is not doing a MiTM. It is only scanning the hostname.
     
    Homing
    #3
    isisjerry
    Re: FortiOS 5.6 - SSL Inspection Settings Greyed Out 2017/08/11 09:02:06
    I don't see how creating a second SSL-Inspection profile allows me to turn off that feature. It allows me to change some traits but I still can't disable it completely.
    In case you are wondering how to turn on "Multiple security profiles": 
    System > Feature Visibility > Multiple Security Profiles
    Jerry
    #4