Ssl Inspection Certificate Cache; Ssl Inspection Certificate Update - ZyXEL Communications ZYWALL USG Series Reference Manual


Table 149 SSL Inspection Profile Commands
COMMAND
    DESCRIPTION

follow-real-client-routing {yes | no}
    When SSL inspection finds a new SSL session, it creates another,
    independent session from the ZyWALL / USG to get information such as
    the certificate chain. However, since this traffic is sent from the
    ZyWALL / USG, it may not match the same routing policy as the original
    SSL session and may not reach the destination server.
    Enable this command to allow the session sent from the ZyWALL / USG to
    follow the routing policy of the original session. The no command does
    not allow the session sent from the ZyWALL / USG to follow the routing
    policy of the original session.

sslv2 action {pass | block} {no log | log [alert]}
    SSL Inspection supports SSLv3 and TLS1.0. This command sets the action
    and log for SSLv2 traffic.

unsupported-suite action {pass | block} {no log | log [alert]}
    Sets the action and log for unsupported suite traffic.

untrusted-cert-chain action {pass | block} {no log | log [alert]}
    As an SSL session is being established, servers send their certificate
    chain to clients. The ZyWALL / USG trusts its own certificates and
    imported (trusted) certificates to verify the certificate chain. This
    command sets the action and log for traffic from a server with an
    untrusted certificate chain.

ssl-inspection profile rename ssi_profile_name1 ssi_profile_name2
    Renames an SSL Inspection profile.

no ssl-inspection profile ssi_profile_name
    Deletes an SSL Inspection profile.

show ssl-inspection profile [ssi_profile_name]
    Displays SSL Inspection profile settings.

37.2.3 SSL Inspection Certificate Cache

This table lists the SSL Inspection certificate cache commands.
Table 150 SSL Inspection Certificate Cache Commands
COMMAND
    DESCRIPTION

ssl-inspection cache flush
    Clears SSL Inspection cached entries.

show ssl-inspection cert-list
    Displays certificates used in SSL Inspection.

37.2.4 SSL Inspection Certificate Update

Use these commands to update the latest certificates of servers using SSL connections to the
ZyWALL / USG network. You should have Internet access and have activated SSL Inspection on the
ZyWALL / USG at myZyXEL.com.
This table lists the SSL Inspection certificate update commands.
Table 151 SSL Inspection Certificate Update Commands
COMMAND
    DESCRIPTION

[no] ssl-inspection cert-update auto
    The ZyWALL / USG automatically updates the certificate set when a new
    one becomes available on myZyXEL.com.

ssl-inspection cert-update now
    Downloads the latest certificate set from myZyXEL.com and updates it
    on the ZyWALL / USG.

ZyWALL / USG (ZLD) CLI Reference Guide
Chapter 37 SSL Inspection
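
The three action commands in Table 149 (sslv2, unsupported-suite, untrusted-cert-chain) decide whether traffic the ZyWALL / USG cannot inspect or verify is passed and whether it is logged. The following is an added example, not part of the ZyXEL guide: a small Python check over one profile's sub-command lines. The policy that pass and no log count as findings, and both sample profiles, are assumptions of this example.

```python
import re

# Profile sub-commands from Table 149 that take an action and a log setting.
CHECKS = ("sslv2", "unsupported-suite", "untrusted-cert-chain")
LINE_RE = re.compile(
    r"^\s*(?P<name>sslv2|unsupported-suite|untrusted-cert-chain)\s+action\s+"
    r"(?P<action>pass|block)\s+(?P<log>no\s+log|log(?:\s+alert)?)\s*$"
)

def audit_profile(lines):
    """Return (command, finding) tuples for one profile's sub-command lines."""
    findings, seen = [], set()
    for raw in lines:
        m = LINE_RE.match(raw)
        if not m:
            continue  # other commands are out of scope for this check
        name = m["name"]
        seen.add(name)
        if m["action"] == "pass":
            findings.append((name, "action is pass"))
        if m["log"].split() == ["no", "log"]:
            findings.append((name, "logging disabled"))
    # The page does not state defaults, so an unset command is reported too.
    for name in CHECKS:
        if name not in seen:
            findings.append((name, "not set explicitly"))
    return findings

# Constructed sample input in the Table 149 syntax, not taken from a device.
WEAK = """\
sslv2 action pass no log
unsupported-suite action pass log
""".splitlines()

HARDENED = """\
sslv2 action block log alert
unsupported-suite action block log
untrusted-cert-chain action block log alert
""".splitlines()

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_profile(cfg))
```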