Apply TLS inspection to traffic
Use the default or custom HTTPS Service element in Access rules to define which traffic is decrypted and inspected.
Uploading TLS Credentials or a Client Protection Certificate Authority elements to the engine might enable decryption of TLS traffic that is not excluded from TLS inspection. The following configurations might enable decryption of TLS traffic:
- Adding a Network Application that allows or requires the use of TLS to an Access rule
- Selecting the Enforced option for Log Application Information in the Access rules
- Enabling Deep Inspection in an Access rule if the Service cell contains a Network Application or a Service that does not include a Protocol Agent
To select specific traffic for decryption and inspection, you create Access rules that use a custom HTTPS Service or the default HTTPS (with decryption) Service element. To enable the decryption and inspection of all TLS traffic, you enable Deep Inspection in an Access rule with the Service cell of the rule set to ANY.
You must enable Deep Inspection in the Action options of the Engine Access rules to enable TLS inspection. Deep Inspection is enabled by default in the IPS, Layer 2 Engine, and Layer 2 Interface Access rules. Traffic that matches the Access rules for TLS inspection is decrypted and matched against HTTP Situations in the Inspection rules in the same way as unencrypted HTTP traffic. Any traffic that is allowed to continue by the Inspection Policy is re-encrypted and sent to its destination.
For more details about the product and how to configure features, click Help or press F1.