Hot!SSL Deep Inspection

Author
Pizzaman7
New Member
  • Total Posts : 2
  • Scores: 0
  • Reward points: 0
  • Joined: 2018/11/27 12:50:38
  • Status: offline
2018/11/27 13:09:49 (permalink)
0

SSL Deep Inspection

Hi,
 
I am new to Fortigate.  I have a 30E that I have been working on.  I upgraded it to the latest 6.0.3 Firmware level.
 
I am trying to ascertain if using SSL Deep Inspection is a better option than the default without putting too high of a strain on the unit.  It might be better for Anti-Spam as I have an internal e-mail server.  I am not sure how good the Anti-spam is working yet as I am using the default SSL Inspection and did tie it to my firewall policies.
 
For the Certificate I am just using the internally self-signed certificate and don't plan on getting one from a public CA and paying for it.  I can use Group Policy to distribute it to my machines.  I do have an internal CA.  I did do this when I was a Sophos house.  Thanks in advance for any assistance you can grant me.
#1
bmorris
New Member
  • Total Posts : 10
  • Scores: 0
  • Reward points: 0
  • Joined: 2018/10/23 02:38:31
  • Status: offline
Re: SSL Deep Inspection 2018/12/07 03:20:15 (permalink)
0
Hi,
 
I'd always go for deep inspection over certificate inspection where possible, better protection from encrypted traffic.
 
What resource usage do you have on your device at the moment? Conserve mode activates at 88% memory usage so bear that in mind when you enable it. Enabling deep inspection will increase resource usage.
#2
Jump to:
© 2018 APG vNext Commercial Version 5.5