Use the “Create Profile” option to create a new SSL Inspection profile. To access it, open the actions menu.


1. Click on the “Create Profile” option;


SSL Inspection - Create Profile


2. The “SSL Profile” screen will be displayed:


SSL Inspection - SSL Profile


General


This panel holds the general settings of the SSL profile.


SSL Inspection - SSL Profile - General


  • Name: Define a name for the profile. Ex.: SSL Inspection;
  • Description: Set a description for the profile. Ex.: SSL Inspection;
  • Number of Workers: Defines the number of workers (processes) per Inspection profile, limited to the number of CPUs automatically detected by the system;
  • Protocols: Determines which protocols SSL Inspection is applied to. The available options are: HTTPS, SMTPS and POP3S;
  • Block Invalid certificates: If this checkbox is checked, a block is applied every time the SSL inspection detects an invalid certificate.


Exception


In this panel the SSL profile exceptions are configured.


SSL Inspection - SSL Profile - Exception


  • Dictionary: Select predefined items as exception for the SSL Profile.
  • Web Categories: When the Web Categories box is checked, you can select which of the available categories are marked as exceptions for the SSL Profile.


If an object or a category is added to the SSL exceptions, the packet does not go through the Proxy and Flow-based Inspection Engine modes of the new Blockbit packet inspection flow; that is, the packet is forwarded to the Egress Filtering (NAT, IPSec Compression, Traffic Shaping, Routing, etc.).

For the packet inspection flow, see the UTM architecture.


SSL Exception


This feature covers Applications and Services that do not read the system certificates and have no option to import the certificate into the application, which is very common for services and applications of "Banks, financial institutions and Government". It is very useful when you want to allow bypass traffic for these services and applications across the entire network.



  • Web Categories: This field follows the same logic as the Inspection Exception field: in Web Categories it is possible to select Web categories to apply “Exception” filters. To select the categories, click on the [] button and check the checkboxes of the categories that will be considered as exceptions, as shown below:


SSL Inspection - Add Category


To apply a setting to all items, select the desired option in the actions menu:



SSL Inspection - Add Category - Actions menu


To exit this panel, click the [] button or click the [] button to finish adding the categories.


Finally, if you want to cancel the configuration, click the [] button. To finish creating the profile click on the [] button.


Profile saved successfully


Profile was created successfully.
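
After saving a profile, one way to confirm that exception traffic bypasses inspection while other traffic is inspected is to compare the certificate issuers seen from a client. This is an added example, not Blockbit code; it assumes inspected sessions are re-signed by a CA whose common name you know (`Example Inspection CA` is a placeholder), and all host names and certificates in it are constructed.

```python
import socket
import ssl

# Assumption: CN of the CA that re-signs inspected sessions (placeholder value).
INSPECTION_CA_CN = "Example Inspection CA"

def issuer_cn(cert):
    """Issuer common name from an ssl.getpeercert() dictionary, or None."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def observed_state(cert, ca_cn=INSPECTION_CA_CN):
    """'inspected' if the inspection CA issued the certificate, else 'bypassed'."""
    return "inspected" if issuer_cn(cert) == ca_cn else "bypassed"

def fetch_cert(host, port=443, cafile=None, timeout=5):
    """Verified TLS handshake; cafile can add the inspection CA to the trust store."""
    ctx = ssl.create_default_context()
    if cafile:
        ctx.load_verify_locations(cafile=cafile)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def audit(expected, certs, ca_cn=INSPECTION_CA_CN):
    """Return (host, expected, observed) for each host whose state differs."""
    mismatches = []
    for host, want in sorted(expected.items()):
        got = observed_state(certs[host], ca_cn)
        if got != want:
            mismatches.append((host, want, got))
    return mismatches

# Constructed sample certificates (shape of getpeercert() output), so this runs offline.
SAMPLE_CERTS = {
    "bank.example": {"issuer": ((("commonName", "Public Web CA"),),)},
    "news.example": {"issuer": ((("commonName", "Example Inspection CA"),),)},
    "mail.example": {"issuer": ((("commonName", "Public Web CA"),),)},
}
# Intended policy: bank.example is in an exception category, the others are inspected.
EXPECTED = {"bank.example": "bypassed", "news.example": "inspected",
            "mail.example": "inspected"}

if __name__ == "__main__":
    for row in audit(EXPECTED, SAMPLE_CERTS):
        print("mismatch: host=%s expected=%s observed=%s" % row)
```

On a live client, build the `certs` dictionary with `fetch_cert(host)` for each host instead of using the constructed samples.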

Next, we will analyze the process of deleting a profile.
