Activate TLS inspection on Secure SD-WAN Engines
Depending on the elements you select in the engine properties, you can activate client protection alone, server protection alone, or client and server protection together.
CAUTION:
Uploading TLS Credentials or Client Protection Certificate Authority elements to the engine might enable decryption of TLS traffic that is not excluded from TLS inspection. The following configurations might enable decryption of TLS traffic:
- Adding a Network Application that allows or requires the use of TLS to an Access rule
- Selecting the Enforced option for Log Application Information in the Access rules
- Enabling Deep Inspection in an Access rule if the Service cell contains a Network Application or a Service that does not include a Protocol Agent
For more details about the product and how to configure features, click Help or press F1.
Steps
- Select Configuration.
- Click Secure SD-WAN Engines.
- Right-click an engine element, then select Edit <element type>.
- From the navigation pane on the left, select .
- (For client protection) From the Client Protection Certificate Authority drop-down list, select a Client Protection Certificate Authority element.
  - To select an existing element, click Select and select the element.
  - To create an element, click New.
- (For server protection) Click Add, then select one or more TLS Credentials elements and click Select.
- Click Save and Refresh to transfer the configuration changes and upload the certificates.