The following table describes the fields in this screen.
Table 162 Security Service > SSL Inspection > Profile > Add / Edit
LABEL
DESCRIPTION
Name
This is the name of the profile. You may use 1-31 alphanumeric characters, underscores(
dashes (-), but the first character cannot be a number. This value is case-sensitive. These are
valid, unique profile names:
• MyProfile
• mYProfile
• Mymy12_3-4
These are invalid profile names:
• 1mYProfile
• My Profile
• MyProfile?
• Whatalongprofilename123456789012
Description
Enter additional information about this SSL Inspection entry. You can enter up to 60 characters
(0-9a-zA-Z'()+:=?;!*#@$_%-"). The first character must be a letter.
CA Certificate
This contains the default certificate and the certificates created in Object > Certificate > My
Certificates. Choose the certificate for this profile.
SSL/TLS version
Minimum
SSL / TLS connections using versions lower than this setting are blocked.
Support
Log
These are the log options for unsupported traffic that matches traffic bound to this policy:
•
no: Select this option to have the Zyxel Device create no log for unsupported traffic that
matches traffic bound to this policy.
•
log: Select this option to have the Zyxel Device create a log for unsupported traffic that
matches traffic bound to this policy
•
log alert: An alert is an emailed log for more serious events that may need more immediate
attention. They also appear in red in the Monitor > Log screen. Select this option to have the
Zyxel Device send an alert for unsupported traffic that matches traffic bound to this policy.
Unsupported suit
Action
SSL Inspection supports these cipher suites:
•
DES
•
3DES
•
AES
Select to pass or block unsupported traffic (such as other cipher suites, compressed traffic,
client authentication requests, and so on) that matches traffic bound to this policy here.
Log
These are the log options for unsupported traffic that matches traffic bound to this policy:
•
no: Select this option to have the Zyxel Device create no log for unsupported traffic that
matches traffic bound to this policy.
•
log: Select this option to have the Zyxel Device create a log for unsupported traffic that
matches traffic bound to this policy
•
log alert: An alert is an emailed log for more serious events that may need more immediate
attention. They also appear in red in the Monitor > Log screen. Select this option to have the
Zyxel Device send an alert for unsupported traffic that matches traffic bound to this policy.
Untrusted cert
chain
Chapter 22 SSL Inspection
USG FLEX H Series User's Guide
324
), or
_