Select
SSL Decryption Settings to
enable inspection of SSL/TLS handshakes when
users navigate to websites over a decrypted HTTPS connection. The Content and Threat
Detection (CTD) engine on the firewall will evaluate the contents of the handshake
against Security policy rules, which enables the firewall to enforce the rules as early
in the session as possible. You must have a URL Filtering subscription, configure either
SSL Forward Proxy or
SSL Inbound Inspection, and block specific URL
categories in your Security policy rules to use this feature.
URL Filtering response pages do not display for sites that are blocked during
SSL/TLS handshake inspection. After detecting traffic from blocked categories,
the firewall resets the HTTPS connection, ending the handshake and preventing
user notification by response page. Instead, the browser displays a standard
connection error message.
