I am interested in getting a Fortinet firewall for a SOHO setup. I would like to do some testing with the TLS 1.3 Deep Packet Inspection, which Fortinet advertises their devices as capable of. Unfortunately their licensing model isn’t very clear to me and I am not sure whether or not their Unified Threat Protection bundle includes the DPI capability.
The image below comes from their “ordering guides” but the information I am looking for is still provided.
FortiGuard Bundles:
Does anyone happen to know whether the UTP bundles does in fact include DPI that will work with TLS 1.3?
All the packages will do DPI or SSL decrypt with TLS 1.3, but once that traffic is decrypted you need to know what feature is needed to further inspect the traffic.
Personally I would look into the lab license offering since it’ll save you a good bit of money for labbing and testing.
Hey! I ran into the same confusion when setting up my FortiGate at home. From what I found, TLS 1.3 DPI is supported, but you’ll need the Enterprise Protection bundle—not just UTP. It’s a licensing rabbit hole, honestly. Definitely worth double-checking with a Fortinet rep too.