Verify the revocation status of a certificate used for SSL/TLS decryption.
Where Can I Use This? | What Do I Need?
| Depending on the products you're using, you need at least one of...
- For Strata Cloud Manager, you must have one of the following licenses:
→ The features and capabilities available to you in Strata Cloud Manager depend on which
license(s) you are using.
Next-Generation Firewalls (NGFWs) decrypt inbound and outbound SSL/TLS traffic to
inspect the traffic for threats. After creating a Security policy rule that allows
traffic and applying Security profiles to the rule, create an analogous
decryption policy rule to decrypt that traffic. Decryption provides visibility into
the traffic, which enables NGFWs to inspect and enforce the Security profiles on the
traffic. The NGFW re-encrypts the traffic before forwarding it to its destination.
(For details on how this works, see SSL Inbound Inspection and SSL Forward Proxy.)
You can configure the firewall to verify the revocation status of certificates used
for SSL/TLS decryption as follows.
Enabling revocation status verification for SSL/TLS decryption certificates adds time to the
process of establishing the session. The first attempt to access a site might
fail if the verification does not finish before the session times out. For these
reasons, verification is disabled by default.