ZyWALL USG Series User’s Guide
769
CHAPTER 41
SSL Inspection
41.1 Overview
Secure Socket Layer (SSL) traffic, such as https://www.google.com/HTTPS, FTPs, POP3s, SMTPs, etc. is
encrypted, and cannot be inspected using Unified Threat Management (UTM) profiles such as App
Patrol, Content Filter, Intrusion, Detection and Prevention (IDP), or Anti-Virus. The Zyxel Device uses SSL
Inspection to decrypt SSL traffic, sends it to the UTM engines for inspection, then encrypts traffic that
passes inspection and forwards it to the destination server, such as Google.
An example process is shown in the following figure. User U sends a HTTPS request (SSL) to destination
server D, via the Zyxel Device, Z. The traffic matches an SSL Inspection profile in a security policy, so the
Zyxel Device decrypts the traffic using SSL Inspection. The decrypted traffic is then inspected by the UTM
profiles in the same security profile that matched the SSL Inspection profile. If all is OK, then the Zyxel
Device re-encrypts the traffic using SSL Inspection and forwards it to the destination server D. SSL traffic
could be in the opposite direction for other examples.
Figure 529 SSL Inspection Overview
Note: Anti-Spam cannot be applied to traffic decrypted by SSL Inspection.
41.1.1 What You Can Do in this Chapter
• Use the UTM Profile > SSL Inspection > Profile screen (Section 41.2 on page 770) to view SSL Inspection
profiles. Click the Add or Edit icon in this screen to configure the CA certificate, action and log in an
SSL Inspection profile.
• Use the UTM Profile > SSL Inspection > Exclude List screens (Section 41.3 on page 773) to create a
whitelist of destination servers to which traffic is passed through uninspected.
41.1.2 What You Need To Know
• Supported Cipher Suite
• DES (Data Encryption Standard)
HTTPS
SSL
Inspection
Decrypt
UTM
AP
CF
IDP
AV
SSL
Inspection
Encrypt
To Next Page
Loading...
