Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

How to Create an SSL Inspection Policy for Inbound SSL Inspection


For inbound SSL Inspection, the firewall uses the same SSL certificate that is installed on the internal server.


Before You Begin

  • Create or purchase the server certificate to be used for SSL Inspection.
  • Verify that the Feature Level of the Forwarding Firewall is set to 7.2 or higher.

Step 1. Upload the Certificate to Certificate Store

Upload the server certificate used to terminate incoming SSL connections on the firewall.

  1. Go to the Certificate Store. On a CloudGen Firewall, the Certificate Store is located under Advanced Configuration. On the Control Center, it is located in the Global Settings, Range Settings, or Cluster Settings.
  2. Click Lock.
  3. In the upper-left corner, click + and select Import new Certificate Store Entry from File or Import new Certificate Store Entry from PKCS12.
  4. Select the certificate file and click Open.
  5. (optional) Enter the Password and click OK.
  6. Enter a Name and click OK.
  7. Click Send Changes and Activate.


Step 2. Create an SSL Inspection Policy Object  

Create an SSL Inspection policy object for inbound SSL Inspection.

  1. Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > Firewall > Forwarding Rules.
  2. Click Lock.
  3. In the left menu, click SSL Inspection.
  4. Right-click the table and select New SSL Inspection Policy. The Edit SSL Inspection window opens.
  5. Enter the Name.
  6. From the SSL Policy Type drop-down list, select Inbound SSL Inspection.
  7. From the Inbound SSL Inspection Certificate drop-down list, select the server certificate you uploaded to the certificate store in Step 1.
  8. (optional) Configure Cryptographic Attributes:
    • Minimum SSL/TLS Version – Select the minimum SSL or TLS version.

      Because most servers currently support only TLS/SSL version 1.2, do not set this parameter to a higher value. Setting the minimum TLS/SSL version to 1.3 enforces TLS 1.3, which can cause connections to fail.

    • Cipher Set – Select a preset cipher set, or click Configure to customize the cipher set.
  9. (optional) Click Configure to customize the cipher set and/or click Show Cipher String to view a list of the supported ciphers in the set.
  10. Click OK.
  11. Click Send Changes and Activate.
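
To check the finished policy from a client's point of view, the following added example (not Barracuda code) probes the firewall listener and the internal server one TLS version at a time and compares the certificates they present, which should be identical because inbound SSL Inspection uses the server's own certificate. The addresses, the SNI name, and the function names are placeholders and assumptions.

```python
import hashlib
import socket
import ssl

VERSIONS = {"TLSv1.2": ssl.TLSVersion.TLSv1_2, "TLSv1.3": ssl.TLSVersion.TLSv1_3}

def probe(host, port, sni, version, timeout=5.0):
    """Handshake pinned to one TLS version; leaf SHA-256, or None if it fails."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Chain validation is off on purpose: only the presented certificate is compared.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = version
    ctx.maximum_version = version
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=sni) as tls:
                return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()
    except OSError:  # includes ssl.SSLError, refused connections and timeouts
        return None

def evaluate(fw, srv, policy_min):
    """fw and srv map version name -> fingerprint or None; return findings."""
    findings = []
    fw_fps = {fp for fp in fw.values() if fp}
    srv_fps = {fp for fp in srv.values() if fp}
    if not fw_fps:
        findings.append("firewall listener accepted no probed TLS version")
    elif not srv_fps:
        findings.append("internal server accepted no probed TLS version")
    elif fw_fps != srv_fps:
        findings.append("certificate mismatch between firewall and internal server")
    names = list(VERSIONS)
    for name in names:
        below = names.index(name) < names.index(policy_min)
        if below and fw.get(name):
            findings.append(f"{name} accepted below policy minimum {policy_min}")
        elif not below and fw_fps and not fw.get(name):
            findings.append(f"{name} refused by the firewall listener")
    return findings

if __name__ == "__main__":
    # Placeholder values (assumptions): public listener, internal server, SNI name.
    FW, SRV, SNI = ("203.0.113.10", 443), ("10.0.10.20", 443), "www.example.com"
    fw = {n: probe(*FW, SNI, v) for n, v in VERSIONS.items()}
    srv = {n: probe(*SRV, SNI, v) for n, v in VERSIONS.items()}
    for line in evaluate(fw, srv, "TLSv1.2") or ["OK: same certificate, policy met"]:
        print(line)
```

Run it from a host that can reach both addresses, and pass the Minimum SSL/TLS Version configured in the policy as the last argument to evaluate.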

Next Steps

Configure outbound SSL Inspection. For more information, see How to Configure Outbound SSL Inspection.