Fortinet 260 FortiWeb 5.0 Patch 6 Administration Guide
SSL
Enable if:
- connections to the server use SSL, and
- the FortiWeb appliance is operating in a mode other than reverse proxy
Also configure Certificate File.
Unlike HTTPS Service in policies, when you enable this option, the
FortiWeb appliance will not apply SSL. Instead, it will use the
certificate to decrypt and scan connections before passing the
encrypted traffic through to the web servers or clients (SSL
inspection). See “Offloading vs. inspection” on page 277.
SSL 3.0, TLS 1.0, and TLS 1.1 are supported. See also “Supported
cipher suites & protocol versions” on page 279.
Caution: Failure to enable an SSL option and provide a certificate will
result in the FortiWeb appliance being unable to decrypt HTTPS
connections, and therefore unable to scan HTML, AMF3, or XML
content. You must enable either this option with Certificate File
in the server farm (SSL inspection), or HTTPS Service with
Certificate (SSL offloading).
Note: When this option is enabled, the web server must be
configured to apply SSL. The FortiWeb appliance will use the
certificate to decrypt and scan traffic only. It will not offload SSL
connections.
Note: Ephemeral (temporary key) Diffie-Hellman exchanges are not
supported if the FortiWeb appliance is operating in transparent
inspection or offline protection mode.
Port
Type the TCP port number where the web server listens for
connections. The valid range is from 0 to 65,535.
Certificate File
Select the web server’s certificate that the FortiWeb appliance will
use when decrypting SSL-secured connections, or select Create New
to upload a new certificate in a pop-up window, without leaving the
current page. For more information, see “Uploading a server
certificate” on page 289.
This option appears only if SSL is enabled and FortiWeb is
operating in a mode, other than reverse proxy, that performs SSL
inspection. See “Offloading vs. inspection” on page 277.
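A pre-deployment check for the two limits stated in the SSL setting above (the listed protocol versions and the ephemeral Diffie-Hellman note), as an added example that is not part of the Fortinet guide: it flags protocol and cipher suite pairs accepted by a back-end web server that fall outside them. The mode labels, function names and sample data are assumptions made for illustration.

```python
# Added example: names, mode labels and sample data are constructed for illustration.

# Protocol versions this page lists as supported for SSL inspection.
LISTED_VERSIONS = {"SSLv3", "TLSv1", "TLSv1.1"}
# Operating modes where the page says ephemeral Diffie-Hellman is not supported
# (hypothetical labels, not FortiWeb CLI values).
NO_EPHEMERAL_DH_MODES = {"transparent-inspection", "offline-protection"}
# Name tokens that mark an ephemeral (or anonymous, hence ephemeral) DH key exchange.
EPHEMERAL_TOKENS = {"DHE", "ECDHE", "EDH", "ADH", "AECDH", "ANON"}


def uses_ephemeral_dh(cipher_name):
    """True if an OpenSSL- or IANA-style suite name indicates ephemeral DH."""
    tokens = cipher_name.upper().replace("_", "-").split("-")
    return any(tok in EPHEMERAL_TOKENS for tok in tokens)


def inspection_findings(offered, mode):
    """Return (protocol, cipher, reason) for offers outside the limits on this page."""
    findings = []
    for protocol, cipher in offered:
        if protocol not in LISTED_VERSIONS:
            findings.append((protocol, cipher, "protocol version not listed as supported"))
        elif mode in NO_EPHEMERAL_DH_MODES and uses_ephemeral_dh(cipher):
            findings.append((protocol, cipher, "ephemeral Diffie-Hellman key exchange"))
    return findings


# Constructed sample: protocol/cipher pairs a back-end web server might accept.
SAMPLE_OFFERED = [
    ("TLSv1.1", "AES128-SHA"),                          # RSA key exchange
    ("TLSv1.1", "DHE-RSA-AES256-SHA"),                  # ephemeral DH
    ("TLSv1", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"),    # ephemeral ECDH, IANA name
    ("TLSv1", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"),         # RSA key exchange, IANA name
    ("TLSv1", "DH-RSA-AES128-SHA"),                     # static DH, not ephemeral
    ("TLSv1.2", "AES128-GCM-SHA256"),                   # version not listed on this page
]

if __name__ == "__main__":
    for protocol, cipher, reason in inspection_findings(SAMPLE_OFFERED, "offline-protection"):
        print(f"{protocol:8} {cipher:40} {reason}")
```

Any pair it reports should be disabled on the web server or accepted as traffic FortiWeb will pass without scanning in that mode.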