SSL Inspection allows you to check SSL-encrypted packages in order to let several other UTM Profiles work properly with HTTPS traffic. This video will guide you through a generic configuration setup!
1. Access your device by entering its IP address in the browser address line and login by using the device’s credential
2. Navigate to Configuration > Object > Certificate
3. Edit the default self-signed certificate and export it
4. On windows, you need to run certmgr.msc and import the certificate into Trusted Root Certificate Authorities > Certificates
5. On the USG, navigate to Configuration > UTM Profile > SSL Inspection
6. Add a new profile and select the profile which you have exported before
7. Select the action which should be applied to the SSL traffic
8. Navigate to Configuration > Security Policy > Policy Control
9. Add a new rule with SSL Inspection ticked
10. If for example using Application Patrol, you can then set the rule from LAN to WAN and select the Application Patrol Profile you want to use
Any outgoing SSL traffic from LAN to WAN will then first be decrypted, scanned and either dropped or encrypted again.
Since Version 5.20, You can now exclude Contenfilter Categories from the SSL Inspection.
This can be done by scrolling to the bottom of the "Exclude List" and clicking on "Advanced".
Here You chose the Categories to exclude and click on "apply".