firsthop asked

How does packet capture tool work with encryption?

How does the 7.2 packet capture tool handle encrypted traffic? If SSL inspection is enabled, is the traffic in the PCAP still encrypted?

SSL SSH inspection, Packet capture

1 Answer

stylus answered

Mostly, the captures generated by FortiOS are the same as what you get on the wire. So in the case of SSL, the packets are still encrypted.

But, if you apply SSL mirroring, FortiOS sends the decrypted payloads to the specified destination. In this case, the decrypted packets can be captured. You could set the destination to a loopback interface so you can run packet captures without sending packets out of the FortiGate.


Hi there, is there a guide somewhere on how to capture traffic on a loopback interface? I tried using the CLI, but it actually did not capture anything (I tried to configure the loopback interface as one-arm and without; neither worked).

Regards

Nino
