Use SSL Inbound Inspection to
decrypt and inspect inbound SSL traffic destined for a network server
(you can perform SSL Inbound Inspection for any server if you have
the server certificate). With an SSL Inbound Inspection decryption
policy enabled, all SSL traffic identified by the policy is decrypted
to clear text traffic and inspected. The clear text traffic is blocked
and restricted based on the decryption profile attached to the policy
and any configured Antivirus, Vulnerability, Anti-Spyware, URL-Filtering
and File Blocking profiles. You can also enable the firewall to forward decrypted SSL traffic
for WildFire analysis and signature generation. Traffic is
re-encrypted as it exits the firewall.
Configuring SSL Inbound Inspection includes
installing the targeted server certificate on the firewall and creating
an SSL Inbound Inspection decryption policy.
Ensure that the appropriate interfaces are configured
as either virtual wire, Layer 2, or Layer 3 interfaces.
View configured interfaces on the
column displays if an interface is configured to
interface. You can select an interface
to modify its configuration, including what type of interface it
Ensure that the targeted server certificate is installed
on the firewall.
On the web interface, select
certificates installed on the firewall.
To import the targeted
server certificate onto the firewall: