



There was a time when monitoring your network perimeter for threats meant inspecting the traffic you could see. Today, that logic is dangerously broken. According to Fortinet’s Global Threat Landscape Report, more than 80% of all cyberattack traffic now travels over encrypted HTTPS connections. If your firewall is not performing deep SSL/TLS inspection, it is essentially waving through the majority of modern malware, ransomware command-and-control (C2) beacons, and data exfiltration attempts — completely blind.
For Indian enterprise IT and security leaders, this is not a theoretical concern. CERT-In advisories from the past 18 months consistently highlight encrypted channels as the preferred delivery mechanism for advanced persistent threats targeting BFSI, manufacturing, healthcare, and critical infrastructure sectors. Yet a surprising number of organisations still leave SSL inspection either disabled or misconfigured, citing performance concerns or complexity. This guide explains what SSL/TLS inspection is, why it matters, how FortiGate implements it correctly, and what Indian enterprises must do to deploy it without breaking business-critical applications.
TLS (Transport Layer Security), still widely called SSL after its obsolete predecessor, is the cryptographic protocol behind the padlock icon in your browser. When an employee visits https://anything.com, the request, the response and the page content are encrypted between their device and the server; what remains visible on the wire is the destination IP, the server name in the TLS ClientHello (SNI) and, for TLS 1.2 and earlier, the server certificate. This is excellent for privacy and data integrity, but it also creates a security blind spot: your next-generation firewall (NGFW) cannot inspect the contents of that encrypted tunnel without first decrypting it.
SSL/TLS inspection (also called SSL deep inspection or HTTPS inspection) solves this by placing the firewall as a trusted man-in-the-middle. The firewall terminates the client's TLS session, opens its own TLS session to the destination server, validates the server's certificate itself, scans the plaintext in between, and re-encrypts towards the client using a server certificate that it issues on the fly from its own CA. The client accepts that certificate only if the firewall's CA is in its trust store, which is why CA distribution (covered below) is part of every deployment.
Without this, your IPS, antivirus and web-filtering engines are looking at encrypted blobs: they see destination IPs and server names, but not the payload inside.
Threat actors discovered years ago that HTTPS is a free pass through most firewalls. Here is what commonly hides inside encrypted sessions targeting Indian enterprises:
Ransomware loaders, infostealers, and RATs (Remote Access Trojans) are routinely hosted on legitimate-looking cloud storage (Google Drive, OneDrive, Dropbox) or freshly registered HTTPS domains. Without SSL inspection, these files download undetected.
Once malware establishes a foothold, it phones home to attacker infrastructure over port 443. Modern C2 frameworks like Cobalt Strike, Sliver, and Havoc use HTTPS with valid TLS certificates — often signed by Let’s Encrypt — making them indistinguishable from legitimate web traffic without inspection.
Sensitive data (customer PII, financial records, source code) is exfiltrated through HTTPS POSTs to attacker-controlled endpoints or abused cloud services. A firewall without SSL inspection has no visibility into these outbound transfers, so the breach detection the DPDP Act expects of an organisation becomes nearly impossible.
Credential-harvesting pages are almost universally served over HTTPS today. Without SSL inspection, users can visit a fully encrypted phishing page and your security stack will report nothing unusual — a legitimate HTTPS session to an unknown domain.
Attackers increasingly use DNS-over-HTTPS (DoH) to bypass traditional DNS security controls, tunnelling malicious DNS queries inside what looks like ordinary HTTPS traffic to a public resolver. Without decryption, the firewall can only block known DoH resolvers by IP or SNI; with SSL inspection enabled, FortiGate can identify the DoH session and the queries inside it become visible to the inspection pipeline.
The most common objection we hear from Indian enterprise network teams: “SSL inspection will kill our throughput.” This was a legitimate concern five years ago with software-only firewalls. Current FortiGate hardware pairs its NP-series network processors (which accelerate packet forwarding and IPsec) with CP-series content processors (CP9 on current models) that offload the TLS handshake and bulk encryption/decryption to dedicated silicon, so the latency added per session stays small in most enterprise deployments. Entry-level and virtual models do this work in software and must be sized with that in mind.
A properly sized FortiGate with SSL inspection enabled will sustain full-speed inspection across thousands of concurrent encrypted sessions. The key is correct sizing: the datasheet figure to size against is “SSL inspection throughput”, which is a fraction of the headline firewall throughput, and it should be compared with your measured peak HTTPS volume rather than total bandwidth. PJ Networks’ pre-sales engineering team evaluates this as part of every engagement.
FortiGate’s SSL inspection engine is tightly integrated with all security profiles. Here is what it enables:
FortiGate supports two modes. Full SSL inspection (deep inspection) decrypts the session and scans the content; it is the recommended mode for most outbound traffic. Certificate inspection does not decrypt: it reads the SNI from the ClientHello and, on TLS 1.2 and earlier, validates the server certificate, which is enough for category-based web filtering and for blocking untrusted or expired certificates but gives the IPS and antivirus engines nothing to scan. Under TLS 1.3 the server certificate is itself encrypted, so certificate inspection sees only the SNI. Certificate inspection is the fallback for traffic that must not be decrypted (banking, certain regulated SaaS applications). Deciding which traffic is fully inspected and which is exempted is a critical design decision.
For full inspection, FortiGate issues a server certificate for each inspected site on the fly, signed by a CA the firewall controls: either the built-in Fortinet_CA_SSL or, preferably, a subordinate CA issued from your own enterprise PKI. That CA certificate must be in the trusted root store of every endpoint, pushed via Group Policy (GPO) or Mobile Device Management (MDM), so browsers accept the re-signed certificates. Watch for applications that keep their own trust store rather than the operating system’s (Firefox unless configured to use OS roots, Java keystores, Python and Node.js tooling): they need the CA added separately or they will fail with certificate errors. PJ Networks handles this as part of a managed rollout.
Not all HTTPS traffic should be inspected. Banking portals, certain government sites, applications that pin their server certificate, and anything using mutual TLS (client certificates) will break under inspection, because the re-signed certificate fails the pin check or because the firewall cannot present the client’s certificate to the server. FortiGate’s SSL exempt list lets administrators exclude specific FortiGuard categories, FQDNs, wildcard FQDNs, address objects or IP ranges from decryption, balancing security with business functionality. Keep the list short and reviewed: every exemption is a gap an attacker can hide in.
Decrypted traffic feeds directly into FortiGate’s IPS engine (powered by FortiGuard Labs), antivirus scanning, web content filtering, DNS filtering, and application control. The FortiGate Security Fabric also enables threat intelligence sharing with FortiSandbox for zero-day file analysis — all without the payload ever leaving your inspection pipeline unscanned.
Every inspected session generates detailed logs including URL, content category, detected threat (if any), and action taken. These logs flow into FortiAnalyzer or your SIEM platform, giving your SOC analysts — or PJ Networks’ 24/7 SOC team — full visibility into encrypted traffic for threat hunting and forensics.
India’s Digital Personal Data Protection (DPDP) Act 2023 requires organisations to implement appropriate technical and organisational measures to prevent personal data breaches. CERT-In’s directions of April 2022 require organisations to report incidents within six hours of noticing them, retain ICT system logs for 180 days within India, and be able to demonstrate their network security controls.
Without SSL inspection, an organisation cannot see what leaves the network inside HTTPS sessions, cannot tell a routine upload from an exfiltration, and cannot produce logs of encrypted-session content to support the six-hour incident report or a post-incident investigation.
Enabling SSL inspection with proper logging is therefore not just a technical best practice; it is increasingly a compliance expectation for Indian enterprises subject to DPDP and CERT-In mandates.
Here is a practical deployment checklist for enterprise teams:
Before enabling decryption, apply a certificate-inspection profile to the internet-bound policies for 48–72 hours and review FortiView and FortiAnalyzer: this shows the top application categories, high-volume domains, and the applications and destinations you will need to exempt, so nothing breaks by surprise when full inspection is switched on.
In FortiGate, under System > Certificates, either use the built-in Fortinet_CA_SSL or import a subordinate CA issued from your enterprise PKI (preferred, since domain-joined machines already trust your root). Export the CA certificate and distribute it to all managed endpoints: the Trusted Root Certification Authorities store via GPO on Windows, a configuration profile via MDM on macOS and mobile devices, and the system CA bundle on Linux. Test on a pilot group first.
Pre-populate exemptions for: banking and financial services (the FortiGuard Finance and Banking category is a good starting point), government portals (.gov.in, .nic.in), applications known to pin certificates or use mutual TLS (Zoom and Microsoft Teams are common examples; check the vendor’s current guidance), and any internal applications using self-signed certificates. Update this list iteratively.
Create a dedicated SSL/SSH inspection profile in FortiGate with full (deep) inspection enabled and your exemptions attached. On each firewall policy covering internet-bound sessions from user VLANs, enable security profiles and select this SSL/SSH inspection profile alongside the IPS, antivirus, web filter and application control profiles; the SSL profile is what feeds those engines decrypted content. Use proxy-based inspection on policies where the antivirus profile needs to buffer complete files.
Monitor FortiAnalyzer or your SIEM for SSL inspection events (blocked untrusted or expired certificates, handshake failures from pinned applications, user-reported certificate errors) over the first week. Work through exemptions iteratively. PJ Networks’ managed SOC team reviews these alerts as part of ongoing managed firewall operations.
For remote workers accessing corporate resources via ZTNA or SSL-VPN, ensure SSL inspection policies are applied consistently. FortiGate ZTNA proxies support SSL inspection for application traffic, extending visibility to remote sessions without requiring split tunnelling workarounds.
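The exemptions, profiles and policy from steps 3 and 4 of the checklist, as an added FortiOS CLI example that is not part of the original post and not taken from Fortinet’s documentation. Interface names, address objects and the exempted domains are placeholders to replace with the results of your own traffic baseline; the option names follow the FortiOS 7.x CLI, and the FortiGuard category number is an assumption to confirm on your firmware using `?` completion or the web filter category list.

```fortios
# Added example, not from the original post. All quoted names except the
# built-in CAs (Fortinet_CA_SSL, Fortinet_CA_Untrusted) are assumed placeholders.

# Wildcard FQDN objects for destinations that must never be decrypted
# (assumed examples; replace with the list from your traffic baseline).
config firewall wildcard-fqdn custom
    edit "exempt-gov-in"
        set wildcard-fqdn "*.gov.in"
    next
    edit "exempt-nic-in"
        set wildcard-fqdn "*.nic.in"
    next
    edit "exempt-zoom"
        set wildcard-fqdn "*.zoom.us"
    next
end

# Step 4: deep inspection profile for user VLANs. The firewall re-signs each
# server certificate with Fortinet_CA_SSL (or your imported subordinate CA).
# Servers with expired, revoked or untrusted certificates are blocked rather
# than re-signed, so users cannot click through to them.
config firewall ssl-ssh-profile
    edit "corp-deep-inspection"
        set comment "Full TLS inspection for user VLANs"
        set server-cert-mode re-sign
        set caname "Fortinet_CA_SSL"
        set untrusted-caname "Fortinet_CA_Untrusted"
        config https
            set ports 443
            set status deep-inspection
            set expired-server-cert block
            set revoked-server-cert block
            set untrusted-server-cert block
        end
        # Step 3: exemptions. Category 31 is assumed to be FortiGuard
        # "Finance and Banking"; confirm the number on your firmware first.
        config ssl-exempt
            edit 1
                set type fortiguard-category
                set fortiguard-category 31
            next
            edit 2
                set type wildcard-fqdn
                set wildcard-fqdn "exempt-gov-in"
            next
            edit 3
                set type wildcard-fqdn
                set wildcard-fqdn "exempt-nic-in"
            next
            edit 4
                set type wildcard-fqdn
                set wildcard-fqdn "exempt-zoom"
            next
        end
    next
end

# Certificate-only inspection for a guest VLAN: no decryption, so only the SNI
# and (below TLS 1.3) the server certificate are available to the web filter.
config firewall ssl-ssh-profile
    edit "guest-cert-inspection"
        set comment "SNI/certificate visibility only, no decryption"
        config https
            set ports 443
            set status certificate-inspection
        end
    next
end

# Step 4: the policy that selects the SSL profile next to the other security
# profiles. "edit 0" lets FortiOS assign the next free policy ID.
config firewall policy
    edit 0
        set name "users-to-internet-inspected"
        set srcintf "vlan-users"
        set dstintf "wan1"
        set srcaddr "net-user-vlans"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set inspection-mode proxy
        set utm-status enable
        set ssl-ssh-profile "corp-deep-inspection"
        set av-profile "default"
        set ips-sensor "default"
        set webfilter-profile "default"
        set application-list "default"
        set logtraffic all
        set nat enable
    next
end
```

After applying this, browse to an inspected site from a pilot machine and open the certificate details in the browser: the issuer should read Fortinet_CA_SSL (or your subordinate CA) for inspected sites and the site’s real CA for exempted ones. Blocked or failed handshakes appear in the SSL security event logs, which is where the first week of tuning in step 5 starts.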
Configuring SSL inspection correctly requires expertise, ongoing tuning, and 24/7 monitoring to detect when inspection breaks applications or when new threats are identified in decrypted traffic. PJ Networks delivers this as part of our Managed FortiGate NGFW service. Our engineers have deployed SSL inspection across Indian enterprises in BFSI, manufacturing, healthcare, and IT/ITES sectors, each with unique application stacks and compliance requirements. We know where the edge cases are and how to handle them cleanly.
The security principle is simple: you cannot defend against threats you cannot see. If your enterprise firewall is passing encrypted HTTPS traffic uninspected — which represents the overwhelming majority of today’s threat traffic — you have a significant gap in your security posture that threat actors are actively exploiting.
FortiGate’s SSL/TLS inspection, properly deployed with appropriate exemptions, CA certificate distribution, and 24/7 SOC monitoring, closes this gap. It gives your security team the visibility they need into encrypted traffic to detect malware delivery, C2 communication, data exfiltration, and phishing infrastructure before they cause damage.
For Indian enterprises navigating DPDP Act compliance, CERT-In obligations, and an increasingly hostile threat landscape, SSL inspection is no longer optional — it is a foundational security control.
PJ Networks can deploy and manage FortiGate SSL Inspection for your enterprise. Our 24/7 NOC/SOC team monitors your decrypted traffic around the clock, detects threats the moment they appear, and responds before damage is done. Contact us to schedule a no-obligation network security review and SSL inspection readiness assessment.