FortiGate 6.0: Understanding and Implementing Deep Packet Inspection

Captions
Hey everybody, today we are going to be discussing deep packet inspection and why you should be using it. One of the amazing things about the FortiGate firewalls is that it has a very in-depth security functionality, but encrypted traffic severely hampers the ability to scan the content of a packet. So one of the ways to get around that is to do deep packet inspection. As you can see on the screen here, we have the Fortinet cookbook for why you should use deep packet inspection, and the basic concept is that, you know, if these packets are encrypted, your web filtering, your application controls, they can't read the encrypted packet. So what we do is we create a session from the client to the FortiGate, we decrypt that traffic, we scan that traffic, we re-encrypt it, and then we send it out to your bank's website or wherever. What this allows the FortiGate to do is to collect and control and actually adhere your policies to the network traffic.

So one of the things that you need to do and be mindful of is to make sure to avoid certificate errors. Especially if you have a lot of clients on your network, you're going to get a lot of calls saying that, you know, they're trying to go to google.com and they're getting certificate errors, and one of the ways that you're going to avoid that is by implementing the FortiGate certificate into your network.

So over here in the FortiGate I'm gonna go to Security Profiles and I'm going to go to SSL/SSH Inspection. I'm going to drop down and I'm going to select the default deep inspection policy. There's a lot of different options here, but we'll just go over some of the high-level ones. We want this policy to do full SSL inspection, and we are going to use the default Fortinet certificate that came with the device. Now what you can do is you can implement your own third-party certificate from DigiCert or another third-party validator, but for now, for this example, we're just going to use the default one. We actually need to download this certificate, so I'm going to save it, save it to our test, reference that later.

So untrusted SSL certificates, we have this set to block. We're also going to RPC. I'm going to keep all this standard as secure socket layer protocols on here. What you can do is you can exempt reputable websites, based on FortiGuard's web filtering service, from deep packet inspection. So if you know that there is a particular category that you think is OK, let's say an education website, if you want to specifically exempt education websites from being scanned, you can do that. You can also select specific addresses: if you have an address defined in here, you know, Dropbox.com, Android, Adobe, you can exempt specific addresses, and you can log those exemptions as well.

So part of SSL inspection is we're also going to inspect SSH, and we're going to use the standard port 122 on that. I do not want to allow invalid SSL certificates, so we're just going to keep this. I'm not gonna allow any exemptions; I'm just going to go ahead and apply the full policy.

So we have our default deep packet inspection policy. Now what we need to do is go to our IPv4 policies. I created a policy for deep packet inspection, and it has everything except for one wireless signal, one wireless interface to the WAN, and right now I don't have any security profiles on it and I'm only logging UTM. So what I'm gonna do is I'm gonna change the logs to all, and I am going to enable default deep inspection. Actually, in conjunction with that, which goes into the policy itself, I want to monitor all web traffic, I want to monitor all applications, and I'm going to use intrusion prevention on this policy. So we got our default proxy settings; I'll go ahead and click OK.

So now, you know, probably about a day from now when I get my report, we are going to be able to see a lot more of the traffic that's coming off of this than we were yesterday. So let me go back to my reports and pull up the most recent report. What you see is most of this traffic is unscanned, and it's unscanned because it's going out encrypted over the connection and I can't scan that. So now that we've implemented deep packet inspection, what we should see tomorrow is that there's a lot more data that is scanned, and we should be able to get a lot more insight into the activity on our network because of that.

Now from a client perspective, what we need to do to make sure that we're not getting certificate errors is we need to go into our Internet Explorer, Internet Options. We downloaded that certificate a little bit earlier. We're going to Content, we're going to clear the SSL state, and then we're gonna go to our Certificates, and what we want to do is go to the Trusted Root Certificate Authority and import that certificate. We just browse to our desktop, select that certificate and import it, and we're gonna put that in the Trusted Root Certificate Authorities folder. Now, I've already placed that in here. Yep, just see, the certificate is right here, so that's already been done on 5/30, so I don't need to redo that on my computer.

Now, the only thing: that will work for Google Chrome and Internet Explorer. For Firefox you have to specifically set that certificate for Firefox, and you're also going to need to do that on your mobile devices as well. But now we should be able to browse out to the Internet and go to google.com without getting any certificate errors. So what we'll see is that it's just a normal website. Yeah, switch to Chrome, all right, everybody wants me to use their browser. So we didn't get any certificate errors like we did before, so we're good to go with that. And then, you know, check it tomorrow and see what type of traffic you're getting.
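
The client-side step described in the captions (importing the downloaded FortiGate CA certificate into the Windows trusted root store), as an added PowerShell example that is not part of the video: it imports the certificate and then checks that an HTTPS session is being re-signed by that CA. The file name and test host are assumptions, and the check assumes the FortiGate signs the re-issued certificate directly with the imported CA.

```powershell
# Added example, not from the video. Run from an elevated PowerShell prompt.
$caPath   = "$env:USERPROFILE\Desktop\fortigate-ca.cer"  # assumed name of the downloaded CA file
$testHost = 'www.example.com'                            # assumed: any HTTPS site not exempted from inspection

# 1. Look at the certificate before trusting it, and record its thumbprint.
$ca = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $caPath
$ca | Format-List Subject, NotBefore, NotAfter, Thumbprint

# 2. Import it into the machine-wide Trusted Root store (the store Internet Explorer and Chrome use).
Import-Certificate -FilePath $caPath -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
if (-not (Test-Path "Cert:\LocalMachine\Root\$($ca.Thumbprint)")) {
    throw "CA certificate was not found in the Trusted Root store after import."
}

# 3. Open a TLS session and read the certificate the client is actually shown.
$tcp = New-Object System.Net.Sockets.TcpClient($testHost, 443)
try {
    # Accept whatever is presented: this step only reads the certificate and sends no data.
    $accept = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
    $tls = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $accept)
    $tls.AuthenticateAsClient($testHost)
    $leaf = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $tls.RemoteCertificate
}
finally {
    $tcp.Close()
}

# 4. With deep inspection active, the site certificate is issued by the FortiGate CA
#    rather than by a public CA.
if ($leaf.Issuer -eq $ca.Subject) {
    "Inspected: $testHost certificate is issued by $($ca.Subject)"
} else {
    "Not inspected (or exempted): issuer is $($leaf.Issuer)"
}
```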
Info
Channel: Connelly Ventures
Views: 31,442
Keywords: FortiGate 6.0, FortiGate, FortiOS 6.0, FortiOS, Firewall, Cyber Security, Security Fabric, Network Security, Network, Software Defined Networking, SDN
Id: fqIObtOigEM
Length: 7min 35sec (455 seconds)
Published: Mon Jun 11 2018