When FortiGate performs SSL certificate inspection, what does it use if the SNI field is present?

Enhance your skills for the NSE7 Enterprise Firewall Exam. Use flashcards and multiple choice questions, with hints and explanations provided. Get prepared today!

When FortiGate performs SSL certificate inspection and the SNI (Server Name Indication) field is present, it uses that field to retrieve the Fully Qualified Domain Name (FQDN) and rate the site. The SNI field, which is part of the SSL/TLS protocol, lets a client indicate the hostname it is trying to connect to during the SSL handshake. With that hostname, FortiGate can identify the specific site the client is attempting to reach and apply inspection and policy enforcement based on that FQDN.

This capability is particularly useful in environments where multiple secure sites are hosted on the same IP address, because it allows FortiGate to apply the appropriate security policies based on the specific domain. The firewall can then monitor and control traffic more effectively, with the appropriate security measures in place for each domain.

In this scenario, the other options do not accurately describe how FortiGate uses SNI information. While generating a new SSL certificate and re-encrypting data are part of the SSL inspection process, they do not specifically relate to the use of SNI. Bypassing the SSL handshake entirely is not the case either, as SNI facilitates a more informed inspection rather than
