SSL Inbound Inspection enables the firewall to see potential
threats in SSL/TLS traffic destined for your internal servers and
apply security protections.
Use SSL Inbound Inspection to
decrypt and inspect inbound SSL traffic destined for a network server
(you can perform SSL Inbound Inspection for any server if you load
the server certificate onto the firewall). With an SSL Inbound Inspection
Decryption policy enabled, the firewall decrypts all SSL traffic
identified by the policy to clear text traffic and inspects it.
The firewall blocks, restricts, or allows the traffic based on the
Decryption profile attached to the policy and the Security policy
that applies to the traffic, including any configured Antivirus,
Vulnerability Protection, Anti-Spyware, URL Filtering, and File
Blocking profiles. As a best practice, enable the firewall to
forward decrypted SSL traffic for WildFire analysis and
signature generation.
Configuring SSL Inbound Inspection includes:
- Installing the targeted server certificate on the firewall.
- Creating an SSL Inbound Inspection Decryption policy rule.
- Applying a Decryption profile to the policy rule.
When you configure SSL Inbound Inspection, the proxied traffic does not
support DSCP code points or QoS.