SSL Inspection Policy
Quantum Spark 1500, 1600, and 1800 Appliances R81.10.X Locally Managed Administration Guide|190
SSL Inspection Policy
SSL Inspection
The Access Policy view > SSL Inspection section > Policy page lets you enable and configure SSL
inspection. When you turn on this setting, you allow different Software Blades that support SSL inspection to
inspect traffic that is encrypted by the Secure Sockets Layer (SSL) protocol. To allow the gateway to inspect
the secured connections, all hosts behind the gateway must install the gateway CA certificate.
Software Blades that support SSL traffic inspection:
n
Application & URL Filtering
n
IPS
n
Anti-Virus
n
Anti-Bot
n
Threat Emulation
Important - You cannot use Smart Accel and SSL Inspection at the same time.
Deploying SSL Inspection
To deploy SSL inspection:
1. Select SSL Traffic Inspection.
2. Click Download CA Certificate to download the gateway's internal CA certificate.
Note - The certificate is available for all users on the gateway. You do not need
administrator credentials. If you do not have administrator credentials, connect from an
internal or wireless network to http://my.firewall/ica or https://<IP_Address_
of_Appliance>/ica.
You must install this certificate on every client behind the gateway.
To install the certificate:
1. Manually copy the certificate file to your PC.
2. In the Windows PC, click the file and follow the wizard instructions to add the certificate to the Trusted
Root Certification Authorities repository.
Note - This is not the default repository in the Certificate Import Wizard.
Certificate installation varies according to the OS. To learn how to install the certificate in your
machine, see your OS vendor instructions.
SSL inspection uses the existing internal CA by default. To use your own certificate, you must replace the
internal CA.
To Next Page
Loading...
