Chapter 40 SSL Inspection
ZyWALL/USG Series User’s Guide
699
• RC4 (Rivest Cipher 4)
• DES (Data Encryption Standard)
•3DES
• AES (Advanced Encryption Standard)
• SSLv3/TLS1.0 (Transport Layer Security) Support
• SSLv3/TLS1.0 is currently supported with option to pass or block SSLv2 traffic
• Traffic using TLS1.1 (Transport Layer Security) or TLS1.2 is downgraded to TLS1.0 for SSL
Inspection
• No Compression Support Now
• No Client Authentication Request Support Now
•Finding Out More
•See Configuration > Object > Certificate > My Certificates for information on creating
certificates on the ZyWALL/USG.
•See Monitor > UTM Statistics > SSL Inspection to get usage data and easily add a
destination server to the whitelist of exclusion servers.
•See Configuration > Security Policy > Policy Control > Policy to bind an SSL Inspection
profile to a traffic flow(s).
40.1.3 Before You Begin
• If you don’t want to use the default ZyWALL/USG certificate, then create a new certificate in
Object > Certificate > My Certificates.
• Decide what destination servers to which traffic is sent directly without inspection. This may be a
matter of privacy and legality regarding inspecting an individual’s encrypted session, such as
financial websites. This may vary by locale.
40.2 The SSL Inspection Profile Screen
An SSL Inspection profile is a template with pre-configured certificate, action and log.
Click Configuration > UTM Profile > SSL Inspection > Profile to open this screen.
Figure 477 Configuration > UTM Profile > SSL Inspection > Profile
The following table describes the fields in this screen.
Table 270 Configuration > UTM Profile > SSL Inspection > Profile
LABEL DESCRIPTION
Profile Management
Add Click Add to create a new profile.
To Next Page
Loading...
