FortiGate Deep Packet Inspection (SSL Decryption) Explained + Full Configuration Guide (with PKI)

Welcome back. In this video, I break down Deep Packet Inspection (DPI) and SSL decryption on a FortiGate firewall. I explain what it is, why it matters, and how to configure it step-by-step. I also included some real world use cases that you can implement in your network once DPI is configured and working. I have timestamps below so you can skip around. I start with a simple explanation of how encrypted vs unencrypted traffic works, and why SSL inspection is critical for modern network security. Then we move into a full FortiGate configuration demo. Agenda: What Deep Packet Inspection (DPI) is and how SSL decryption works Why SSL inspection is required for full visibility and security Configuring SSL/SSH inspection profiles on a FortiGate Using the built-in FortiGate CA certificate for quick deployment Demonstrating security features enabled by DPI: Antivirus inspection Web filtering (including keyword/content filtering) Application control Handling real-world challenges (certificate pinning, exemptions, etc.) Creating and using your own PKI (Sub CA) for SSL inspection Exporting certificates and importing them into FortiGate Deploying trusted certificates to endpoints By the end of this video, you should have a decent understanding of how DPI works on a FortiGate, and how to configure it. If you have any questions, you can leave a comment and I will assist you! Timestamps: 0:00 Intro and Presentation 12:45 Built in SSL Inspection Profiles 13:38 Creating our own DPI profile 14:51 Inspection Excemptions 16:07 Firewall Policy 17:20 Configuring the Client 20:30 Use Case 1- AntiVirus Scanning 23:50 Use Case 2- Logging Searched Words 26:40 Use Case 3- Blocking Specfic Word Searches 28:22 Use Case 4- Safe Search Enforcement 29:15 Use Case 5 - Granular Application Control 34:41 Using Our Own Certificate via Windows PKI