SSL Inspection Policy
Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.40 Locally Managed Administration Guide | 193
SSL Inspection Policy
SSL Inspection
The Access Policy > SSL Inspection Policy page lets you enable and configure SSL inspection. When you
turn on this setting, you allow different Software Blades that support SSL inspection to inspect traffic that is
encrypted by the Secure Sockets Layer (SSL) protocol. To allow the gateway to inspect the secured
connections, all hosts behind the gateway must install the gateway CA certificate.
Software Blades that support SSL traffic inspection:
n
Application & URL Filtering
n
IPS
n
Anti-Virus
n
Anti-Bot
n
Threat Emulation
Deploying SSL Inspection
To deploy SSL inspection:
1. Select SSL Traffic Inspection.
2. Click Download CA Certificate to download the gateway's internal CA certificate.
Note - The certificate is available for all users on the gateway. You do not need administrator
credentials. If you do not have administrator credentials, connect from an internal or wireless network
to http://my.firewall/ica or https://<IP_Address_of_Appliance>/ica.
You must install this certificate on every client behind the gateway.
To install the certificate:
1. Manually copy the certificate file to your PC.
2. In the Windows PC, click the file and follow the wizard instructions to add the certificate to the Trusted
Root Certification Authorities repository.
Note - This is not the default repository in the Certificate Import Wizard.
Certificate installation varies according to the OS. To learn how to install the certificate in your
machine, see your OS vendor instructions.
SSL inspection uses the existing internal CA by default. To use your own certificate, you must replace the
internal CA.
To Next Page
Loading...
Need help?
General
