Select SSL Decryption Settings to enable inspection of SSL/TLS handshakes when users navigate to websites over a decrypted HTTPS connection. The Content and Threat Detection (CTD) engine on the firewall will evaluate the contents of the handshake against Security policy rules, which enables the firewall to enforce the rules as early in the session as possible. You must have a URL Filtering subscription, configure either SSL Forward Proxy or SSL Inbound Inspection, and block specific URL categories in your Security policy rules to use this feature.

URL Filtering response pages do not display for sites that are blocked during SSL/TLS handshake inspection. After detecting traffic from blocked categories, the firewall resets the HTTPS connection, ending the handshake and preventing user notification by response page. Instead, the browser displays a standard connection error message.