11-17-2017 09:50 PM
I configured the firewall to decrypt outbound SSL traffic and installed a local cert I created onto my broswer. When I monitor my port 443 traffic I see some of it is decrypted and some of it isnt. Is this normal behavior? I thought it was suppose to decrypt all SSL traffic?
Also, I was trying to create a policy that would send an alert any time malicious activity is found inside the traffic. the decryption profile only allows you to block everything. How would this alert be possible? Im new at making these rules.
12-07-2017 08:58 AM - edited 12-07-2017 09:12 AM
One other way to import that certicate into your machine if using Windows is through MMC cosole Certificates. Or right click the certifacte and choose install. You can't decrypt all SSL just most of it. Normal behovior to see some decrypted some not decrypted. As for Alerts you could go to Deviced logs then the System tab and create a log with a serverity level and forward to an email. As for blocking the decryption profile only blocks unsupported ciphers, unsupported cipher suites, expired certificates ,unknown certificates, certificate timeouts and if the firewall has exhausted it resources and is low on memory cpu . So the decryption profile wouldn't block everything . Someone please correct me if I'm wrong.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
