Barracuda CloudGen Firewall

How to Create TLS Inspection Policies

TLS Inspection decrypts TLS connections so the appliance can allow features, such as Malware Protection and IPS, to scan traffic that would otherwise not be visible to the service. You can use a default TLS Inspection policy profile for your access rules, or you can create an explicit profile to match individual requirements.

For information on how to customize default policy profiles, see How to Configure Policy Profiles.

Before You Begin

Create a TLS Inspection Policy Profile

Create an explicit TLS Inspection policy profile to match individual requirements.

  1. (On the Control Center) Go to CONFIGURATION > Configuration Tree > Multi-Range > Global Settings > Firewall Objects.
  2. Click Lock.
  3. In the left menu, expand Policy Profiles.
  4. Select TLS Inspection. The TLS Inspection Policies window opens.

  5. To add a new policy profile, click the plus icon at the top right of the window, enter a profile name, and click OK.
  6. Click Send Changes and Activate.

The policy profile now appears in the TLS Inspection Shared Policy Profiles list, and you can create explicit policies for it.

Create an Explicit TLS Inspection Policy

  1. (On the Control Center) Go to CONFIGURATION > Configuration Tree > Multi-Range > Global Settings > Firewall Objects.
  2. (On a CloudGen Firewall) Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > Firewall > Forwarding Rules.
  3. Click Lock.
  4. In the left menu, expand Policy Profiles.
  5. Select TLS Inspection. The TLS Inspection Policies window opens.

  6. Select the profile you wish to create the policy for. The policy list appears under the corresponding tab in the lower window.
  7. To add a new policy, click the plus icon at the top right of the lower window. You can also right-click the list and select Add Policy.
  8. Specify values for the following:
    • Name – Enter a descriptive name for the explicit policy.
    • Description – Enter a description for the policy.
    • Action – Select either Inspect or Do Not Inspect.
    • TLS Policy – Select either the default or an explicit policy.
    • Source / Destination IP / Network Criteria – Select the source and destination network, or select <Explicit Network> and enter an IP address/network or a domain that is resolved to an IP address for matching.
    • Application Criteria – Define the application match condition. Add an application the policy should apply to, or create explicit applications. To open the selection menu, double-click the corresponding field. Selecting applications in the application editor works similarly to the process in the object configuration for the application rule set. For more information, see How to Create an Application Object and How to Create a Custom Application Object.
    • Users – Select the users or groups the policy should apply to.
    • URL Category – Specify URL categories the policy should apply to.
  9. Click OK.
  10. Click Send Changes and Activate.

The policy is now listed in the lower window and can be selected in your forwarding rules. For more information, see the last step in How to Configure Policy Profiles.