Chapter 37 SSL Inspection
ZyWALL / USG (ZLD) CLI Reference Guide
259
37.2.3 SSL Inspection Certificate Cache
This table lists the SSL Inspection certificate cache commands.
37.2.4 SSL Inspection Certificate Update
Use these commands to update the latest certificates of servers using SSL connections to the
ZyWALL / USG network. You should have Internet access and have activated SSL Inspection on the
ZyWALL / USG at myZyXEL.com.
This table lists the SSL Inspection certificate cache commands.
follow-real-client-routing
{yes | no}
When a new SSL session is found by SSL inspection, it will create
another independent session from the ZyWALL / USG to get
information such as the certificate chain. However, since this
traffic is sent from the ZyWALL / USG, it may not match the same
routing policy of the original SSL session and may not reach the
destination server.
Enable this command to allow the session sent from the ZyWALL /
USG to follow the routing policy of the original session. The no
command does not allow the session sent from the ZyWALL / USG
to follow the routing policy of the original session.
sslv2 action {pass | block}
{no log | log [alert]}
SSL Inspection supports SSLv3 and TLS1.0. This command sets
the action and log for SSLv2 traffic.
unsupported-suite action {pass
| block} {no log | log [alert]}
Sets the action and log for unsupported suite traffic.
untrusted-cert-chain action
{pass | block} {no log | log
[alert]}
As a SSL session is being established, servers send their
certificate chain to clients. The ZyWALL / USG trusts its own
certificates and imported (trusted) certificates to verify the
certificate chain. This command sets the action and log for traffic
from a server with an untrusted certificate chain.
ssl-inspection profile rename
ssi_profile_name1 ssi_profile_name2
Renames an SSL Inspection profile.
no ssl-inspection profile
ssi_profile_name
Deletes an SSL Inspection profile.
show ssl-inspection profile
[ssi_profile_name]
Displays SSL Inspection profile settings.
Table 149 SSL Inspection Profile Commands
COMMAND DESCRIPTION
Table 150 SSL Inspection Certificate Cache Commands
COMMAND DESCRIPTION
ssl-inspection cache flush Clears SSL Inspection cached entries.
show ssl-inspection cert-list Displays certificates used in SSL Inspection.
Table 151 SSL Inspection Certificate Update Commands
COMMAND DESCRIPTION
[no] ssl-inspection cert-update
auto
ZyWALL / USG automatically updates the certificate set when a new
one becomes available on myZyXEL.com.
ssl-inspection cert-update now Download the latest certificate set from the myZyXEL.com and
updates it on the ZyWALL / USG.
To Next Page
Loading...
