SSL Inspection Policy
Quantum Spark 1500, 1600, and 1800 Appliances R81.10.X Locally Managed Administration Guide|191
To replace the internal CA:
1. Go to Certificates > Internal Certificate.
2. Click Replace Internal CA.
The Upload a P12 Certificate window opens.
3. Click Browse to select the certificate file.
4. Enter the Certificate name and Password.
5. Normally, the device suggests its own host name (when DDNS is configured) or its external IP
address. If you have multiple Internet connections configured, in load sharing mode, you can
manually enter an accessible IP address for this appliance. This is used by remote sites to access the
internal CA and check for certificate revocation.
6. Click Apply.
SSL Inspection Bypass Policy
You can select categories that are bypassed for all possible traffic regardless of its source and destination.
To configure more advanced exceptions, go to the SSL Inspection Exceptions page.
To configure the SSL inspection bypass policy:
• In the section Protocols to inspect - Select to inspect HTTPS, IMAPS, or POP3S protocols.
• In the section Assets to Inspect - Select to inspect devices by type: Desktop, Laptop, Computer (R81.10.05 and higher), Other assets, and All assets. Devices are inspected only if they were not bypassed by other settings.
• In the section Wireless networks to bypass - Select or clear which wireless networks to bypass. Untrusted networks are selected by default.
  Note - Wireless networks must be assigned to Separate Network, not switch or bridge.
• In the section Bypass SSL inspection for the following categories > Categories - Categories include Health, Government/Military, Financial services, and Well known update services. Select or clear the privacy related categories that are not inspected. All categories except for Media Streams are selected by default.
• In the section Bypass SSL inspection for the following categories > Assets to bypass - Select the MacOS checkbox to bypass macOS devices. This accelerates the connection.
  ◦ Bypass by MAC - Click to select devices from the Active Devices table by their MAC addresses.
  ◦ Bypass by IP - Click to configure exceptions to bypass SSL inspection policy for specific IP addresses on the SSL Inspection Exceptions table.
• In the section Tracking - Select to enable logs to see the SSL inspection policy decision ("Inspect" or "Bypass").
  Note - The SSL Inspection generates these logs in addition to the Software Blades logs.