ZyWALL Series CLI Reference Guide
CHAPTER 46
SSL Inspection
This chapter describes how to set up SSL Inspection for the Zyxel Device.
46.1 SSL Inspection Overview
Secure Socket Layer (SSL) traffic, such as HTTPS, FTPS, POP3+SSL, and SMTPS, is encrypted and therefore
cannot be inspected using Unified Threat Management (UTM) profiles such as App Patrol, Content Filter,
Intrusion Detection and Prevention (IDP), or Anti-Virus. The Zyxel Device uses SSL Inspection to decrypt
SSL traffic, send it to the UTM engines for inspection, then re-encrypt traffic that passes inspection and
forward it to the destination server, such as Google.
The Zyxel Device supports the following SSL/TLS versions and cipher suites:
• SSLv3 AES-CBC
• TLS1.0 AES-CBC
• TLS1.2 AES-CBC/AES-GCM
• TLS1.3 AES-GCM
SSL Inspection does not support the following:
• Compression
• Client Authentication
• TLS1.3 Key updates
• TLS1.3 Zero Round Trip Time Resumption (0-RTT)
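The two lists above can be turned into a planning check that shows which observed sessions fall outside the documented support. The following is an added example, not part of the Zyxel guide: it assumes IANA cipher-suite names, matches only on the bulk cipher (the guide lists no key-exchange or MAC requirements), and uses constructed session records and feature labels.

```python
import re

# Support matrix as listed in the guide: protocol version -> bulk cipher modes.
SUPPORTED = {
    "SSLv3": {"AES-CBC"},
    "TLS1.0": {"AES-CBC"},
    "TLS1.2": {"AES-CBC", "AES-GCM"},
    "TLS1.3": {"AES-GCM"},
}
# Features the guide lists as not supported (labels are this example's own).
UNSUPPORTED_FEATURES = {"compression", "client_auth", "key_update", "0rtt"}


def bulk_cipher(suite):
    """Extract 'AES-CBC' / 'AES-GCM' from an IANA suite name, else None."""
    m = re.search(r"(?:^|_)AES_(?:128|256)_(CBC|GCM)(?:_|$)", suite)
    return f"AES-{m.group(1)}" if m else None


def inspection_gaps(version, suite, features=()):
    """Return the reasons a session falls outside the documented support list."""
    reasons = []
    modes = SUPPORTED.get(version)
    if modes is None:
        reasons.append(f"version {version} not listed")
    else:
        cipher = bulk_cipher(suite)
        if cipher not in modes:
            reasons.append(f"{cipher or suite} not listed for {version}")
    for feat in features:
        if feat in UNSUPPORTED_FEATURES:
            reasons.append(f"{feat} not supported")
    return reasons


# Constructed sample sessions: (version, cipher suite, features seen).
SAMPLE = [
    ("TLS1.3", "TLS_AES_128_GCM_SHA256", []),
    ("TLS1.3", "TLS_CHACHA20_POLY1305_SHA256", []),
    ("TLS1.2", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", ["client_auth"]),
    ("TLS1.1", "TLS_RSA_WITH_AES_128_CBC_SHA", []),
    ("TLS1.3", "TLS_AES_256_GCM_SHA384", ["0rtt"]),
]

if __name__ == "__main__":
    for version, suite, feats in SAMPLE:
        gaps = inspection_gaps(version, suite, feats)
        print(version, suite, "->", "; ".join(gaps) or "within documented support")
```

A non-empty result means only that the session is outside what this chapter lists; how the device treats such traffic is not stated here.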
46.2 SSL Inspection Commands Summary
The following table describes the values required for many SSL inspection commands. Other values are
discussed with the corresponding commands.
Table 228 Input Values for SSL Inspection Commands
LABEL             DESCRIPTION
ssi_profile_name  This is the name of the profile. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.
description       This is additional information about this SSL Inspection profile. You can enter up to 60 characters ("0-9", "a-z", "A-Z", "-" and "_").
cert_name         This is the name of a certificate.
The following sections list the commands.