Results 1 to 2 of 2

Thread: SSL-DPI = Bane of my Existence!

  1. #1
    Junior Member
    Join Date
    Sep 2016
    Posts
    15

    SSL-DPI = Bane of my Existence!

    Anyone else have are really hard time with SSL-DPI with applications such as but not limited to Dropbox, MS S4B (Skype for Business), WebEx, GotoMeeting, OMG APPLE!... I spent the last few days writing a rather large custom configuration script that creates the address book objects (FQDNS and *Wildcards) and associated Address Grps. I was thinking about sharing it for other unfortunate souls like me who struggle with SSL-DPI..

    This file is written for FortiOS 5.2.9, but will work in 5.4.1 however the "set color #" will be green instead of "Red' for 5.4.1; also 5.4.1 will convert the wildcards from "set FQDN" to "set wildcard-FQDN" automatically.

    Even though I use our Domain CA Cert from our Trusted Domain CA, applications like Dropbox/WebEx/GotoMeeting etc. do not trust it... so.. it breaks... To get around this problem, I've discovered that exceptions MUST be made in order for these apps to work.

  2. #2
    I know one thing. I hate anything driven by FQDN. Almost always gives me a hard time.

    Some apps def have to have exceptions made. They are just smarter than others when it comes to knowing the proper cert isn't in place.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •