For inbound SSL Inspection, the firewall uses the same SSL certificate that is installed on the internal server.
Before You Begin
- Create or purchase the server certificate to be used for SSL Inspection.
- Verify that the Feature Level of the Forwarding Firewall is set to 7.2 or higher.
Step 1. Upload the Certificate to Certificate Store
Upload the server certificate used to terminate incoming SSL connections on the firewall.
- Go to the Certificate Store. On a CloudGen Firewall, the certificate store is located under Advanced Configuration; on the Control Center, it is located in the Global Settings, Range Settings, or Cluster Settings.
- Click Lock.
- In the upper-left corner, click + and select Import new Certificate Store Entry from File or Import new Certificate Store Entry from PKCS12.
- Select the certificate file and click Open.
- (optional) Enter the Password and click OK.
- Enter a Name and click OK.
- Click Send Changes and Activate.
Step 2. Create an SSL Inspection Policy Object
Create an SSL Inspection policy object for inbound SSL Inspection.
- Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Firewall > Forwarding Rules.
- Click Lock.
- In the left menu, click SSL Inspection.
- Right-click the table and select New SSL Inspection Policy. The Edit SSL Inspection window opens.
- Enter the Name.
- From the SSL Policy Type drop-down list, select Inbound SSL Inspection.
- From the Inbound SSL Inspection Certificate drop-down list, select the server certificate you uploaded to the certificate store in Step 1.
- (optional) Configure Cryptographic Attributes:
  - Minimum SSL/TLS Version – Select the minimum SSL or TLS version.
  - Cipher Set – Select a preset cipher set, or click Configure to customize the cipher set.
  - (optional) Click Configure to customize the cipher set, and/or click Show Cipher String to view the list of ciphers supported by the set.
- Click OK.
- Click Send Changes and Activate.
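Once inbound traffic is passing through the policy, the two settings chosen above can be checked from a client: that the firewall presents the same certificate as the internal server, and that it rejects handshakes below the Minimum SSL/TLS Version. The script below is an added example, not part of the Barracuda documentation; the function names, the command-line arguments, and port 443 are assumptions.

```python
import hashlib
import socket
import ssl
import sys

VERSIONS = [ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1,
            ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3]
PORT = 443  # assumption: the published service and the server both use 443

def _handshake(host, sni, version=None):
    """Handshake without trust checks; return the DER leaf certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # certificates are compared, not trusted
    if version is not None:
        ctx.minimum_version = ctx.maximum_version = version
    with socket.create_connection((host, PORT), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=sni) as tls:
            return tls.getpeercert(binary_form=True)

def accepts(host, sni, version):
    """True if the endpoint completes a handshake pinned to one version.
    False can also mean the local OpenSSL build refuses that version."""
    try:
        _handshake(host, sni, version)
        return True
    except (ssl.SSLError, ConnectionResetError, ValueError):
        return False

def findings(fw_der, server_der, accepted, minimum):
    """Compare both leaf certificates and the versions the firewall accepted."""
    out = []
    if fw_der != server_der:
        fw, srv = (hashlib.sha256(d).hexdigest()[:16] for d in (fw_der, server_der))
        out.append(f"different certificates: firewall {fw}, server {srv}")
    out += [f"{v.name} accepted below configured minimum {minimum.name}"
            for v, ok in accepted.items() if ok and v < minimum]
    return out

if __name__ == "__main__":
    if len(sys.argv) != 5:
        sys.exit("usage: check.py PUBLIC_ADDR INTERNAL_ADDR SNI_NAME MINIMUM")
    public, internal, sni = sys.argv[1:4]
    minimum = ssl.TLSVersion[sys.argv[4]]  # e.g. TLSv1_2
    accepted = {v: accepts(public, sni, v) for v in VERSIONS}
    problems = findings(_handshake(public, sni), _handshake(internal, sni),
                        accepted, minimum)
    print("\n".join(problems) or "OK: same certificate, minimum version enforced")
```

Run it from a host that can reach both the published address and the internal server directly.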
Next Steps
Configure outbound SSL Inspection. For more information, see How to Configure Outbound SSL Inspection.