: Decryption Settings: SSL Decryption Settings
Focus
Focus

Decryption Settings: SSL Decryption Settings

Table of Contents
End-of-Life (EoL)

Decryption Settings: SSL Decryption Settings

Select SSL Decryption Settings to enable inspection of SSL/TLS handshakes when users navigate to websites over a decrypted HTTPS connection. The Content and Threat Detection (CTD) engine on the firewall will evaluate the contents of the handshake against Security policy rules, which enables the firewall to enforce the rules as early in the session as possible. You must have a URL Filtering subscription, configure either SSL Forward Proxy or SSL Inbound Inspection, and block specific URL categories in your Security policy rules to use this feature.
URL Filtering response pages do not display for sites that are blocked during SSL/TLS handshake inspection. After detecting traffic from blocked categories, the firewall resets the HTTPS connection, ending the handshake and preventing user notification by response page. Instead, the browser displays a standard connection error message.
SSL Decryption SettingsDescription
Send handshake messages to CTD for inspectionSelect to enable CTD to inspect SSL/TLS handshakes during decrypted web sessions.