You configured a firewall policy with only a Web filter profile for accessing the Internet. Access to websites belonging to the "Information Technology" category are blocked and to the "Business" category are allowed. SSL deep inspection is not enabled on this policy.
A user wants to access the website https://www.it-acme.com which presents a certificate with CN=www.acme.com. The it-acme.com domain is categorized as "Information Technology" and the acme.com domain is categorized as "Business".
Which statement regarding this scenario is correct?
A . The FortiGate is able to read the URL within HTTPS sessions when using SSL certificate inspection so the website will be blocked by the "Information Technology".
B . The website will be blocked by category "Information Technology" as the SNI takes precedence over the certificate name.
C . The website will be allowed by category "Business" as the certificate name takes precedence over the UR
E . Only with SSL deep inspection enabled will the FortiGate be able to categorized this website.
Answer: B
Leave a Reply