
ZyXEL Communications VPN Series - SSL Inspection; Overview; What You Can Do in this Chapter; What You Need to Know

ZyXEL Communications VPN Series
994 pages
ZyWALL/USG Series User’s Guide
698
CHAPTER 40
SSL Inspection
40.1 Overview
Secure Socket Layer (SSL) traffic, such as https://www.google.com (HTTPS), FTPs, POP3s, SMTPs,
etc. is encrypted, and cannot be inspected using Unified Threat Management (UTM) profiles such as
App Patrol, Content Filter, Intrusion Detection and Prevention (IDP), or Anti-Virus. The
ZyWALL/USG uses SSL Inspection to decrypt SSL traffic, sends it to the UTM engines for inspection,
then re-encrypts traffic that passes inspection and forwards it to the destination server, such as Google.
An example process is shown in the following figure. User U sends an HTTPS request (SSL) to
destination server D, via the ZyWALL/USG, Z. The traffic matches an SSL Inspection profile in a
security policy, so the ZyWALL/USG decrypts the traffic using SSL Inspection. The decrypted traffic
is then inspected by the UTM profiles in the same security profile that matched the SSL Inspection
profile. If all is OK, then the ZyWALL/USG re-encrypts the traffic using SSL Inspection and forwards
it to the destination server D. In other examples, SSL traffic could flow in the opposite direction.
Figure 476 SSL Inspection Overview
Note: Anti-Spam cannot be applied to traffic decrypted by SSL Inspection.
40.1.1 What You Can Do in this Chapter
• Use the UTM Profile > SSL Inspection > Profile screen (Section 40.2 on page 699) to view
SSL Inspection profiles. Click the Add or Edit icon in this screen to configure the CA certificate,
action and log in an SSL Inspection profile.
• Use the UTM Profile > SSL Inspection > Exclude List screens (Section 40.3 on page 702) to
create a whitelist of destination servers to which traffic is passed through uninspected.
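The following is an added example, not taken from the ZyXEL guide: a client-side audit that compares the issuer of the certificate a client was shown with what the profile's CA certificate and the Exclude List imply should happen. It assumes the inspecting device re-signs server certificates with the profile's CA certificate (the usual behaviour of TLS inspection); the CA name, host names and wildcard matching are constructed for illustration.

```python
from fnmatch import fnmatch

# Assumptions (not from the manual): the CA common name and exclude-list
# patterns are constructed sample values; wildcard matching is illustrative.
INSPECTION_CA_CN = "Example Inspection CA"
EXCLUDE_LIST = ["*.bank.example"]


def issuer_cn(peercert):
    """Return the issuer commonName from an ssl.SSLSocket.getpeercert() dict."""
    for rdn in peercert.get("issuer", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def audit(host, peercert, ca_cn=INSPECTION_CA_CN, exclude_list=EXCLUDE_LIST):
    """Compare the certificate a client received with the intended policy."""
    excluded = any(fnmatch(host.lower(), p.lower()) for p in exclude_list)
    resigned = issuer_cn(peercert) == ca_cn
    if excluded and resigned:
        return "MISCONFIG: excluded host is still decrypted"
    if not excluded and not resigned:
        return "GAP: session was not decrypted for inspection"
    return "OK: passed through" if excluded else "OK: inspected"


def sample_cert(cn):
    # Constructed getpeercert()-style dict; only the issuer matters here.
    return {"issuer": ((("organizationName", "Constructed"),),
                       (("commonName", cn),))}


# Constructed observations: (host, certificate the client was shown).
SAMPLES = [
    ("www.shop.example", sample_cert("Example Inspection CA")),
    ("login.bank.example", sample_cert("Public Root CA")),
    ("login.bank.example", sample_cert("Example Inspection CA")),
    ("mail.corp.example", sample_cert("Public Root CA")),
]

if __name__ == "__main__":
    for host, cert in SAMPLES:
        print(f"{host:22} {audit(host, cert)}")
```

An issuer name is only a hint, since anyone can create a CA with the same name; verifying the presented chain against the exported CA certificate is the stronger check.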
40.1.2 What You Need To Know
Supported Cipher Suite
