ZyXEL Communications ZyWALL 110 User Manual page 551

Table 227 Configuration > UTM Profile > SSL Inspection > Profile > Add / Edit (continued)
LABEL DESCRIPTION
CA Certificate This contains the default certificate and the certificates created in Object > Certificate >
My Certificates. Choose the certificate for this profile.
Severity Level Select a severity level and these use the icons to enable/disable and configure logs and
actions for all signatures of that level.
Action for SSL Inspection supports SSLv3 and TLS1.0. Select to pass or block SSLv2 traffic that
connection with matches traffic bound to this policy here.
SSL v2
Log These are the log options for SSLv2 traffic that matches traffic bound to this policy:
• no: Select this option to have the ZyWALL/USG create no log for SSLv2 traffic that
matches traffic bound to this policy.
• log: Select this option to have the ZyWALL/USG create a log for SSLv2 traffic that
matches traffic bound to this policy.
• log alert: An alert is an e-mailed log for more serious events that may need more
immediate attention. They also appear in red in the Monitor > Log screen. Select this
option to have the ZyWALL/USG send an alert for SSLv2 traffic that matches traffic
bound to this policy.
Action for SSL Inspection supports these cipher suites:
Connection with
• RC4
unsupported
• DES
suit
• 3DES
• AES
Select to pass or block unsupported traffic (such as other cipher suites, compressed
traffic, client authentication requests, and so on) that matches traffic bound to this policy
here.
Log These are the log options for unsupported traffic that matches traffic bound to this policy:
• no: Select this option to have the ZyWALL/USG create no log for unsupported traffic
that matches traffic bound to this policy.
• log: Select this option to have the ZyWALL/USG create a log for unsupported traffic
that matches traffic bound to this policy
• log alert: An alert is an e-mailed log for more serious events that may need more
immediate attention. They also appear in red in the Monitor > Log screen. Select this
option to have the ZyWALL/USG send an alert for unsupported traffic that matches
traffic bound to this policy.
Excepted Use the icons to enable/disable and configure logs and actions for individual signatures that
Signatures are different to the general settings configured for the severity level to which the signatures
belong. Signatures configured in Query View will appear in Group View.
Add Click this to configure settings to a signature that are different to the severity level to which
it belongs.
Remove Select an existing signature exception and then click this to delete the exception.
Activate To turn on an entry, select it and click Activate.
Inactivate To turn off an entry, select it and click Inactivate.
Log To edit an item's log option, select it and use the Log icon. These are the log options:
no: Select this option on an individual signature or a complete service group to have the
ZyWALL/USG create no log when a packet matches a signature(s).
log: Select this option on an individual signature or a complete service group to have the
ZyWALL/USG create a log when a packet matches a signature(s).
log alert: An alert is an e-mailed log for more serious events that may need more
immediate attention. Select this option to have the ZyWALL/USG send an alert when a
packet matches a signature(s).
Chapter 33 SSL Inspection
ZyWALL/USG Series User's Guide
551