FortiGate Firewall: Deep Packet Inspection / SSL/TLS MITM Explored

In this video, I explain why Deep Packet Inspection and SSL Man in the Middle are so important to protecting your environment. Recent studies have indicated that up to 90%+ of traffic is now encrypted.

FortiGate Firewalls have two different inspection capabilities the first is Certificate that looks for information such as the SNI header for information BEFORE encryption once the session is encrypted by TLS it can no longer see what is going on. This is where Deep Packet Inspection comes in as it's sat in the middle of the session it's able to decrypt the TLS session and inspect the traffic before re-encrypting and sending it onwards.

I talk through the TCP 3-way handshake and when TLS gets involved before showing how to implement deep packet inspection on a Fortigate 80F firewall.

SSL is now known as TLS

// Chris SOCIAL //

  / chris-eddisford-5b676462  

// Time Stamps //

0:00 - Introduction & Please Subscribe!
0:33 - Importance of Deep Packet Inspection
2:46 - The need to install a Certificate on the client, why this is tough for large deployments!
3:55 - Demonstration using Chrome and capturing the packets in Wireshark
5:20 - What does this look like using Wireshark?
6:33 - Certicate-based inspection what information is it using? Including SNI Header!
7:40 - Traffic is now encrypted
8:07 - How to configure inspection FortiGate Firewall (Security Policy)
10:02 - How to configure inspection FortiGate Firewall (Firewall Policy)
11:29 - Disclaimer and video wrap up!
13:10 - If you can enable it! Here is why!

// Keywords //

Fortinet
Fortigate
TCP
TLS
Deep Packet Inspection
SSL Man In The Middle (MITM)
Fortinet Fabric
Fortinet how to
Fortinet guide
Fortinet network security
Cybersecurity

// HashTags //

#cybersecurity
#networking
#fortinet