FortiGate Firewall: Deep Packet Inspection / SSL/TLS MITM Explored
- Published on 18 May 2024
- In this video, I explain why Deep Packet Inspection and SSL Man in the Middle are so important to protecting your environment. Recent studies have indicated that up to 90%+ of traffic is now encrypted.
FortiGate firewalls have two different inspection capabilities. The first is Certificate inspection, which looks at information such as the SNI header BEFORE encryption; once the session is encrypted by TLS, it can no longer see what is going on. This is where Deep Packet Inspection comes in: because it sits in the middle of the session, it is able to decrypt the TLS session and inspect the traffic before re-encrypting it and sending it onwards.
I talk through the TCP 3-way handshake and when TLS gets involved before showing how to implement deep packet inspection on a FortiGate 80F firewall.
* SSL is now known as TLS
// Chris SOCIAL //
/ chris-eddisford-5b676462
// Time Stamps //
0:00 - Introduction & Please Subscribe!
0:33 - Importance of Deep Packet Inspection
2:46 - The need to install a Certificate on the client, why this is tough for large deployments!
3:55 - Demonstration using Chrome and capturing the packets in Wireshark
5:20 - What does this look like using Wireshark?
6:33 - Certificate-based inspection: what information is it using? Including SNI Header!
7:40 - Traffic is now encrypted
8:07 - How to configure inspection FortiGate Firewall (Security Policy)
10:02 - How to configure inspection FortiGate Firewall (Firewall Policy)
11:29 - Disclaimer and video wrap up!
13:10 - If you can enable it! Here is why!
// Keywords //
Fortinet
Fortigate
TCP
TLS
Deep Packet Inspection
SSL Man In The Middle (MITM)
Fortinet Fabric
Fortinet how to
Fortinet guide
Fortinet network security
Cybersecurity
// HashTags //
#cybersecurity
#networking
#fortinet
Thanks for this!
My pleasure!
Love the new mic! Deep packet inspection disclaimer is a plus. I’ve bashed my head multiple times trying to troubleshoot applications until I’ve added all URLs as exclusions.
Glad you like it! Let me know if there is any specific content you would like to see?
Loving this series, invaluable training being offered here, especially the wrap up section. Things can, will and do go wrong in the wild and that's where you learn the most. Also it's where you want to throw the whole thing out the window xD
Thank you very much! Watch out for certificate pinning, that will cause mayhem. The Ring doorbell app and Dropbox are good examples that implement this 🤣 Let me know if there is anything specific you would like to see!
Liked and subscribed. Thanks for the uploads.
You're very welcome! Thanks for the messages.
indeed, a knowledgeable session, loved it!!
Glad you enjoyed it, thank you for the feedback! So many other videos on the channel now, check them out!
I don't know what you did, but the audio is way better. I still hear some echoing but much less, nice! I hope you could do a part 2 in the future where you actually show how to troubleshoot those URLs that you need to exempt/make another policy for because I think if people know how to quickly troubleshoot, it would make it easier to implement. Great video, love the breakdown of the SYN/TLS handshake.
Brand new microphone! Yes I’ll do a video around known applications that don’t like deep packet inspection because of things like certificate pinning.
Well crafted content
Thank you very much!