Configuring full SSL inspection
To configure full SSL inspection:
- On the FortiGate, go to Security Profiles > SSL/SSH Inspection, and create a new profile.
Enter a Name, select the certificate from the CA Certificate dropdown menu, and make sure Inspection Method is set to Full SSL Inspection.
- Add the certificate to your web browser's list of trusted certificates. End users will likely see certificate warnings unless the certificate is installed in their browser.
- Next go to Policy & Objects > IPv4 Policy and edit the policy that allows Internet access.
- Under Security Profiles, enable SSL/SSH Inspection and select the custom profile created earlier.
- Enable Application Control and set it to default.