Which action will FortiGate take when using the default settings for SSL certificate inspection, where the server name indication (SNI) does not match either the common name (CN) or any of the subject altemative names (SAN) in the server certificate?
#Config firewall ssl-ssh-profile
edit
config https
set sni-server-cert-check [enable* | strict | disable]
Enable: If the SNI does NOT match the CN or SAN fields in the returned server's certificate, FG uses the CN field instead of the SNI to obtain the FQDN.
Strict: If the SNI does NOT match the CN or SAN fields in the returned server's certificate, FG closes the connection.
Disable: FG does not check the SNI.
Malinda
8 months agoBarbra
8 months agoAshlee
8 months agoDannie
8 months agoMira
8 months agoKaycee
8 months agoSocorro
8 months agoJamal
8 months ago