Security considerations for TLS inspection
You must carefully consider security precautions when using TLS inspection.
The NGFW Engine decrypts the TLS communications that it mediates so that they can be inspected, and the private keys of the servers are stored in the TLS Credentials elements on the Management Server. For these reasons, the security of both the NGFW Engine and the SMC needs particular attention. The following recommendations are general guidelines for ensuring the security of the NGFW Engine and the SMC:
- Run the Management Server on a hardened operating system.
- Disable SSH access to the engine’s command line if it is not needed regularly.
- Make sure that the engine’s Control IP address is in a protected network.
- Save Management Server backups as encrypted files.