Before You Begin; The Ssl Inspection Profile Screen - ZyXEL Communications ZyWALL 110 User Manual

• RC4 (Rivest Cipher 4)
• DES (Data Encryption Standard)
• 3DES
• AES (Advanced Encryption Standard)
• SSLv3/TLS1.0 (Transport Layer Security) Support
• SSLv3/TLS1.0 is currently supported with option to pass or block SSLv2 traffic
• Traffic using TLS1.1 (Transport Layer Security) or TLS1.2 is downgraded to TLS1.0 for SSL
Inspection
• No Compression Support Now
• No Client Authentication Request Support Now
• Finding Out More
• See Configuration > Object > Certificate > My Certificates for information on creating
certificates on the ZyWALL/USG.
• See Monitor > UTM Statistics > SSL Inspection to get usage data and easily add a
destination server to the whitelist of exclusion servers.
• See Configuration > Security Policy > Policy Control > Policy to bind an SSL Inspection
profile to a traffic flow(s).

33.1.3 Before You Begin

• If you don't want to use the default ZyWALL/USG certificate, then create a new certificate in
Object > Certificate > My Certificates.
• Decide what destination servers to which traffic is sent directly without inspection. This may be a
matter of privacy and legality regarding inspecting an individual's encrypted session, such as
financial websites. This may vary by locale.

33.2 The SSL Inspection Profile Screen

An SSL Inspection profile is a template with pre-configured certificate, action and log.
Click Configuration > UTM Profile > SSL Inspection > Profile to open this screen.
Figure 362 Configuration > UTM Profile > SSL Inspection > Profile
The following table describes the fields in this screen.
Table 226 Configuration > UTM Profile > SSL Inspection > Profile
LABEL
Profile Management
Add
Chapter 33 SSL Inspection
DESCRIPTION
Click Add to create a new profile.
ZyWALL/USG Series User's Guide
549