Engine Editor > Add-Ons > TLS Inspection
Use this branch to activate TLS inspection. You can configure TLS inspection for client or server protection.
Note: These settings are not supported for Master Engines.
Option | Definition |
---|---|
Client Protection Certificate Authority | Select the Client Protection Certificate Authority element to use for client protection. |
TLS Credentials | Specifies the Server Protection Credentials elements that are used for server protection. Click Add to add an element to the list, or Remove to remove the selected element. |
Check Certificate Revocation | When selected, the Secure SD-WAN Engine uses CRL or OCSP to check whether certificates have been revoked. |
Decrypt All Traffic | When selected, the Secure SD-WAN Engine forces all traffic to be decrypted. When the checkbox is not selected, the Secure SD-WAN Engine either decrypts or does not decrypt traffic according to the settings in TLS Match elements. |
Cryptography Suite Set (TLS 1.2 and lower) |
Specifies the TLS Cryptography Suite Set element that defines which cryptographic algorithms are allowed for TLS traffic that is decrypted for TLS Client Protection. Click Select to select an element. Note: If you use TLS 1.3 with Secure SD-WAN Engine version 6.11 or higher, the Secure SD-WAN Engine decrypts all supported TLS 1.3 cryptographic algorithms.
|