Chapter 22 SSL Inspection
USG FLEX H Series User’s Guide
320
22.1.2 What You Need To Know
SSL Inspection supports the following TLS protocols and encryption algorithms
• TLS1.0 AES-CBC
• TLS1.2 AES-CBC/AES-GCM
•TLS 1.3
SSL Inspection does not support the following:
• Compression Support
• Client Authentication
22.1.3 What You Can Do in this Chapter
•See Configuration > Object > Certificate > My Certificates for information on creating certificates
on the Zyxel Device.
•See Monitor > Security Statistics > SSL Inspection to get usage data and easily add a destination
server to the whitelist of exclusion servers.
•See Configuration > Security Policy > Policy Control > Policy to bind an SSL Inspection profile to a
traffic flow(s).
22.1.4 Before You Begin
• If you don’t want to use the default Zyxel Device certificate, then create a new certificate in Object >
Certificate > My Certificates.
• Decide what destination servers to which traffic is sent directly without inspection. This may be a
matter of privacy and legality regarding inspecting an individual’s encrypted session, such as
financial websites. This may vary by locale.
22.2 The SSL Inspection Profile Screen
An SSL Inspection profile is a template with pre-configured certificate, action and log.
Click Security Service > SSL Inspection > Profile to open this screen.
To Next Page
Loading...
