Based on comments from another school, we’d probably have less memory problems if we swapped to the flow mode. Therefore if you use flow based SSL inspection, clients will need both the root CAĬertificate and the intermediate Fortigate certificate, whereas using proxy mode the clients just need the root CA certificate. In flow based, the FortiGate can replace the certificateįor a SSL session, but can’t add any additional certificates that are in the certificate chain, where as in proxy mode it can included include all certificates in the chain. There are two modes the FortiGate can working in, flow based and proxy based. Active IPv4 Sessions: 13.39K average, 20.51k max.įor the certificates we run an offline root CA, with an intermediate CA certificate issued to the FortiGate. We have been running it, but have reduced the amount of full inspection we do due to the FortiGate 600C hitting memory limits.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |