FortiGate Parameter

FortiGate Parameter Description

Corresponding Sangfor NGAF Module/Parameter

Migration Notes

name

Policy template name

Policies > Decryption

The name can be kept consistent

inspect-all

Whether to inspect all SSL traffic deeply

Policies > Decryption

Typically used for enterprise-wide HTTPS control

caname

Issuing intermediate CA certificate

Policies > Decryption

Not supported

untrusted-caname

For issuing untrusted certificates

Policies > Decryption

Not supported

untrusted-cert

How to handle untrusted certificates

Policies > Decryption

Not supported

expired-cert

How to handle expired certificates

Policies > Decryption

Not supported

cert-validation-timeout

Validation timeout behavior

Policies > Decryption

Not supported

client-cert-request

Client certificate request policy

Policies > Decryption

Not supported

ssl-exemptions

SSL exemption addresses/domains

Policies > Decryption

Not supported

ssl-algorithm

Allowed encryption strength

Policies > Decryption

Not supported

server-cert-validation

Whether to validate server certificate chain

Policies > Decryption

Not supported

supported-versions

Supported SSL/TLS protocol versions

Policies > Decryption

NGAF supports TLS 1.0–1.3

ssh-policy

SSH traffic inspection mode

Policies > Decryption

Not supported

log-invalid-cert

Whether to log certificate exceptions

Policies > Decryption

Not supported

ssl-allow-ssl-v3

Whether to allow SSLv3

Policies > Decryption

Not supported