We're using a FortiGate 620B (v5.2.9) for offloading SSL traffic to our website. Now we would like to activate the Intrusion Protection System (the IPS).
However, in order for the IPS to work, SSL deep inspection needs to be activated, which decrypts the traffic before handing it over to the IPS.
As soon as I activate the SSL deep inspection the CPU load triples, which clearly shows that FortiGate is doing some extra work - and a lot of it (it's probably decrypting, inspecting and then re-encrypting the traffic, before passing it over to the SSL offloading).
The question here is should SSL deep inspection be turned on, since our FortiGate already does SSL offloading? Will IPS work without SSL inspection?