Chapter 5 Monitor
USG FLEX H Series User’s Guide
Table 40 Security Statistics > SSL Inspection > Summary (continued)

| LABEL | DESCRIPTION |
|---|---|
| Flush Data | Click this button to discard all of the screen's statistics and update the report display. |
| Status | |
| Maximum Concurrent Sessions | This shows the maximum number of simultaneous SSL Inspection sessions allowed for your Zyxel Device model. |
| Concurrent Sessions | This shows the actual number of simultaneous SSL Inspection sessions in progress. |
| Summary | |
| Total | This is the total of SSL sessions inspected, sessions blocked, and sessions passed since data was last flushed or the Zyxel Device last rebooted after Collect Statistics was enabled. |
| Inspected | This shows the total number of SSL sessions inspected since data was last flushed or the Zyxel Device last rebooted after Collect Statistics was enabled. |
| Decrypted (Kbytes) | This shows the number of kilobytes (KB) of data that was decrypted for Security Service inspection. |
| Encrypted (Kbytes) | This shows the number of kilobytes (KB) of data that was re-encrypted after Security Service inspection and then forwarded. |
| Blocked | This shows the number of SSL sessions blocked. |
| Passed | This shows the number of SSL sessions passed. |

5.10.2 The Certificate Cache List Screen

A certificate identifies the source of SSL traffic. Use this screen to decide which sources can be excluded from SSL inspection. Traffic in an Exclude List is not intercepted by SSL inspection.

Click Security Statistics > SSL Inspection > Certificate Cache List to display a screen that shows details on SSL traffic identified by its certificate and an option to add that traffic to the Exclude List.

Figure 66 Security Statistics > SSL Inspection > Certificate Cache List

The following table describes the labels in this screen.
Table 41 Security Statistics > SSL Inspection > Certificate Cache List

| LABEL | DESCRIPTION |
|---|---|
| Time | This is the latest date (yyyy-mm-dd) and time (hh-mm-ss) at which the record in the certificate cache list was matched. |
| Add to Exclude list | Select an item in the list and click this icon to add the common name (CN) to the Exclude List. |
| Common Name | This displays the common name in the certificate of the SSL traffic destination server. |
| Server Name Indication | Server Name Indication (SNI) is the domain name entered in the browser, FTP client, etc. to begin the SSL session with the server. It allows multiple SSL sessions to the same IP address and port number with different certificates for different SNIs. This field displays the SNI for this SSL session. |
| SSL Version | This field shows the SSL version. TLS1.0/1.1/1.2 are currently supported. |