Thank you for watching! I hope you have a Happy New Year!

any implementation doc with some example?

Hey Osman, not necessarily. This is to mitigate against known SSL VPN attacks, it also allows you to specify more inspection types vs. local in policy.

Yes - check under the local traffic logs instead of forward traffic logs. Despite the policy being for "forwarded traffic" FGT is smart enough to know this traffic will actually terminate on it.

I can assure you that’s not the case. Where are you getting stuck?

Hi @randada1 did you manage to find your answer?

No, due to SSL VPN sessions not being offloaded, it makes very little difference. Fast Path requirements don’t state that you need a physical interface to originate the traffic for Fast Path to take place: docs.fortinet.com/document/fortigate/7.0.9/hardware-acceleration/149012/np6-session-fast-path-requirements

@@mattsherif9141 Thanks and happy new year, looking forward to more of your great content in 2023!

@@oinkersable Happy New Year to you too! Thank you for watching! If there’s anything you want to see, let me know.

Great question! You can pin the SSL vpn instance to a loopback. Allowing you to use threat feeds and other handy features. Thats explained here: kzbin.info/www/bejne/ipDPXpellNSWn5osi=eskibN__w7Wsp1zx

@@mattsherif9141 Thanks. I think its the same video but I just heard you saying that you can use ISDB but not much explanation. Sorry if I have missed it. "You can pin the SSL vpn instance to a loopback": can you explain this more? I have followed your instruction and SSL VPN works on Loopback interface but If I try to use ISDB of malicious IP addresses and put a Deny that it doesn't work.

@@capricornnnn You don't want the ISDB in this case, you want to either come up with your own threat feed and use that a source and deny anything coming from that. You could also use GEO IP adddress objects and block those as well. ISDB doesn't apply in this scenario.

@@mattsherif9141 So what you are saying is that its not possible to use ISDB with SSL VPN terminating to loopback interface? I am testing because what my understanding is that in order to use ISDB then I have to use Loopback interface and its not possible to use ISDB with local in policy. Threat feed can be used with local in policy. If Threat feed is the only way then I am thinking to stick with my current setup and use threat feed using local in policy. Do you have some doc or youtube video how to setup external threat feed. I heard that Talos is free but not sure how to use it.

@@capricornnnn I am not saying that, I am saying your best bet is a threat feed. Here's the doc on configuring a threat feed docs.fortinet.com/document/fortigate/7.2.6/administration-guide/379433/configuring-a-threat-feed