Chapter 22 SSL Inspection
USG FLEX H Series User’s Guide
324
The following table describes the fields in this screen.
Table 162 Security Service > SSL Inspection > Profile > Add / Edit
LABEL DESCRIPTION
Name This is the name of the profile. You may use 1-31 alphanumeric characters, underscores(_), or
dashes (-), but the first character cannot be a number. This value is case-sensitive. These are
valid, unique profile names:
• MyProfile
• mYProfile
• Mymy12_3-4
These are invalid profile names:
• 1mYProfile
• My Profile
• MyProfile?
• Whatalongprofilename123456789012
Description Enter additional information about this SSL Inspection entry. You can enter up to 60 characters
(0-9a-zA-Z’()+:=?;!*#@$_%-”). The first character must be a letter.
CA Certificate This contains the default certificate and the certificates created in Object > Certificate > My
Certificates. Choose the certificate for this profile.
SSL/TLS version
Minimum
Support
SSL / TLS connections using versions lower than this setting are blocked.
Log These are the log options for unsupported traffic that matches traffic bound to this policy:
• no: Select this option to have the Zyxel Device create no log for unsupported traffic that
matches traffic bound to this policy.
• log: Select this option to have the Zyxel Device create a log for unsupported traffic that
matches traffic bound to this policy
• log alert: An alert is an emailed log for more serious events that may need more immediate
attention. They also appear in red in the Monitor > Log screen. Select this option to have the
Zyxel Device send an alert for unsupported traffic that matches traffic bound to this policy.
Unsupported suit
Action SSL Inspection supports these cipher suites:
•DES
•3DES
•AES
Select to pass or block unsupported traffic (such as other cipher suites, compressed traffic,
client authentication requests, and so on) that matches traffic bound to this policy here.
Log These are the log options for unsupported traffic that matches traffic bound to this policy:
• no: Select this option to have the Zyxel Device create no log for unsupported traffic that
matches traffic bound to this policy.
• log: Select this option to have the Zyxel Device create a log for unsupported traffic that
matches traffic bound to this policy
• log alert: An alert is an emailed log for more serious events that may need more immediate
attention. They also appear in red in the Monitor > Log screen. Select this option to have the
Zyxel Device send an alert for unsupported traffic that matches traffic bound to this policy.
Untrusted cert
chain
To Next Page
Loading...
