> The way those in general work (not sure on Fortigate specifically)
> is they MITM HTTPS as a proxy, you have to install a certificate
> on all the clients that it uses so they trust the forged certs
> it provides to the internal clients. There are two HTTPS
> connections, one from client to the firewall, one from the
> firewall to the actual site. No open source equivalent that
> I've seen or heard of.

Aye, there's the rub: you *don't* have to install certs on the clients, at least with Fortigates. The last time I tried to use the feature, it didn't work very well, but that's like the dancing bear - the amazing thing isn't that it dances *well*...

Anyway, getting OT and I don't need to start ranting about Fortinet again.

-Adam
