Next Generation Firewall (NGFW)

TLS 1.3 and Kerberos vs. TS-Agent

  • 1.  TLS 1.3 and Kerberos vs. TS-Agent

    Posted Feb 07, 2020 07:33 AM
    Hi everyone,

    Currently I have to figure out two things for a customer.

    1. Is it possible to inspect TLS 1.3 traffic for anti-virus and URL filter with the FortiGate? Flow-based, proxy-based or only explicit proxy?
    2. I read that FortiGate can do Kerberos authentication when using the explicit proxy. Does anybody know if it works well for terminal servers, or should I use the TS-Agent?

    Can anybody answer one or both questions?

    Thank you. Best regards.



  • 2.  RE: TLS 1.3 and Kerberos vs. TS-Agent

    Posted Apr 15, 2020 05:33 AM
    Hello

    To 1: it works with SSL VPN
    https://docs.fortinet.com/document/fortigate/6.2.0/new-features/35927/tls-1-3-support
    As SSL server
    https://kb.fortinet.com/kb/documentLink.do?externalID=FD47746
    SSL inspection should work, from a technical perspective.
    • URL Filtering, along with SSL inspection, resolves the TLS header, and the content is visible and can be processed.
    • Anti-Virus should work in the same manner; the architecture of the FortiOS software doesn't need any additional configuration.