Application Examples
R&S®GP-E/GP-S User Manual v16.2.1 ─ 01, page 152
4.9 Setting Up the Mail Filter with SSL Inspection
Set up the mail proxy and traffic SSL inspection so that gateprotect Firewall decrypts
and analyzes encrypted emails and traffic.
The mail proxy and SSL inspection of traffic can be used together to decrypt and
analyze both encrypted emails and traffic. However, during traffic analysis with SSL
inspection the certificate is exchanged, and for this reason the mail proxy does not
trust the CA. To ensure that gateprotect Firewall works correctly, you therefore need
to add your CA to the truststore.
1. Set up the mail filter.
a) Navigate to "UTM > Mail Filter" .
b) Set the "POP3s" and/or "SMTPs" slider switches to "On" to activate the mail
filter for incoming and/or outgoing emails sent over an encrypted connection.
c) Select the "Filter Mode" you desire.
d) Select the "Action" that will be applied to the filtered emails.
e) Add the email addresses that you wish to filter to the blacklist or whitelist,
depending on the selected filter mode.
f) Click "Save" to store your mail filter settings.
2. Set up the firewall rules with SSL inspection you require to analyze traffic. For
further information on rule creation, see Chapter 3.3, "Firewall Rule Settings",
on page 22 and Chapter 4.1, "Firewall Rule Examples", on page 129.
3. Export the CA used (e.g. the R&S Root CA or your custom CA) and add the CA to
the truststore to ensure that both the mail filter and SSL inspection of the traffic
work correctly. For further information, see Chapter 3.4.8.1, "Certificates",
on page 122.
a) Navigate to "Cert. Management > Certificates" .
b) Expand the view of the "Certificates" list by clicking the icon next to the
search field at the top of the item list bar.
c) Click the (Export) button behind the CA you desire to download to the local
disk.
The PEM format is selected by default, but you can adjust the settings to one of
the other formats as necessary.
d) Optional: Select "Export Private Key" to include the private key of the selected
certificate in the exported file.
e) Optional and only available if "Export Private Key" is selected: Enter a key
"Password" to decrypt the private key before exporting the CA if the key is
password protected on the firewall.
f) Optional and only available if "Export Private Key" is selected: To export the
private key, you need to enter a "Transport Password" . This password is used
to encrypt the export file.
g) Click "Export" .
h) Store the CA file on your local disk.
i) Navigate to "Cert. Management > Truststore > Custom Certificates" .
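
Before uploading the exported file, it can be checked on the local disk. The following is an added example, not part of the R&S manual or product: it assumes the default PEM export format, lists the blocks in the file, flags any private key that the optional "Export Private Key" step may have included (a truststore entry is the certificate only), and prints the SHA-256 fingerprint of each certificate for comparison with the CA you intended to export. Function names and sample data are constructed for illustration.

```python
import base64
import hashlib
import re

# Matches one PEM block: label in group 1, everything between the
# BEGIN and END lines in group 2.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)


def inspect_export(pem_text):
    """Summarise the PEM blocks found in an exported CA file."""
    report = {"labels": [], "fingerprints": [], "has_private_key": False}
    for label, body in PEM_BLOCK.findall(pem_text):
        report["labels"].append(label)
        if label.endswith("PRIVATE KEY"):
            # Covers PRIVATE KEY, RSA/EC PRIVATE KEY and ENCRYPTED PRIVATE KEY.
            report["has_private_key"] = True
        elif label == "CERTIFICATE":
            # The fingerprint is the SHA-256 digest of the DER bytes.
            der = base64.b64decode("".join(body.split()))
            digest = hashlib.sha256(der).hexdigest().upper()
            report["fingerprints"].append(
                ":".join(digest[i:i + 2] for i in range(0, 64, 2)))
    return report


def safe_for_truststore(pem_text):
    """True only if the file holds certificates and no key material."""
    report = inspect_export(pem_text)
    return bool(report["fingerprints"]) and not report["has_private_key"]


def _block(label, raw):
    # Builds a constructed PEM block from placeholder bytes.
    b64 = base64.encodebytes(raw).decode()
    return f"-----BEGIN {label}-----\n{b64}-----END {label}-----\n"


# Constructed sample input: placeholder bytes, not real certificates or keys.
CERT_ONLY = _block("CERTIFICATE", b"constructed-ca-certificate-der")
WITH_KEY = CERT_ONLY + _block("ENCRYPTED PRIVATE KEY", b"constructed-key")

if __name__ == "__main__":
    for name, text in (("cert only", CERT_ONLY), ("with key", WITH_KEY)):
        print(name, inspect_export(text), safe_for_truststore(text))
```

To check a real export, read the file's text and pass it to `inspect_export`; a file exported in one of the other formats will contain no PEM blocks and is reported as not safe.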