Tcp-Udp - Stormshield SN series Configuration Manual

Content inspection

Self-signed certificates: This option will determine the action to perform when self-signed certificates are presented: you can either Block them or Continue analysis by accepting them. These certificates are used internally and signed by your local server. They are used to secure your exchanges and to authenticate users, among other functions.

Expired certificates: This option will determine the action to perform when self-signed certificates are presented: you can either Block them or Continue analysis by ignoring them. Expired certificates have validity dates that have lapsed and are therefore not valid. To fix this problem, they must be renewed by a certificate authority.
Warning: Expired certificates may pose a security risk. After the expiry of a certificate, the CA that issued it will no longer be responsible for it if it is used maliciously.

Unknown certificates: This option will determine the action to perform when self-signed certificates are presented: you can either Block them or Continue analysis by ignoring them.

Wrong certificate type: This test validates the certificate's type. This option makes it possible, for example, to authorize traffic in the event the type of certificate presented does not comply.
NOTE: A certificate is deemed compliant if it is used in the context defined by its signature. Therefore, a user certificate used by a server does not comply.

Certificate with incorrect FQDN: This option will determine the action to perform when certificates with an invalid domain name are encountered: you may choose to Block the traffic or to Continue analysis and ignore the error.

When the FQDN of the certificate is different from the SSL domain name: This option will determine the action to perform when you encounter certificates with domain names (FQDN) that are different from the expected SSL domain: you can either Block traffic or Continue analysis by ignoring the difference.

Allow IP addresses in SSL domain names: This option allows or denies access to a site based on its IP addresses instead of its SSL domain name.

Support

If decryption fails: This option will determine the action to perform when decryption fails: you can choose to Block traffic or Pass without decrypting. Traffic will not be inspected if the second option is selected.

If classification of certificate fails: The choice is either Pass without decrypting or Block. If a certificate has not been listed in a certificate category, this action will determine whether the traffic will be authorized.

TCP-UDP

TCP ensures control of data during their transfer. Its role is to check that the IP packets sent are received in good order, without any loss or change to their integrity.
UDP may replace TCP in the event of minor problems, as it ensures a more fluid transfer since it does not control each of the transmission stages. For example, it is suitable for streaming applications (audio/video broadcast) for which packet loss is not critical. Indeed, during these transmissions, lost packets are ignored.
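
The Content inspection options above each pair a certificate check with a Block or Continue action. The sketch below is an added example, not Stormshield code: it evaluates those checks over constructed certificate metadata. The field names, check names, the use of the extended key usage to judge the certificate type, and the rule that one Block outweighs any Continue are all assumptions made for illustration.

```python
import ipaddress
from datetime import datetime, timezone

BLOCK, CONTINUE = "Block", "Continue analysis"

def host_matches(pattern, host):
    """Wildcard match where '*' covers only the leftmost label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    return len(p) == len(h) and all(
        a == b or (i == 0 and a == "*") for i, (a, b) in enumerate(zip(p, h)))

def is_ip(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def findings(cert, ssl_domain, now):
    """Return the checks this certificate fails (check names are hypothetical)."""
    out = []
    if cert["issuer"] == cert["subject"]:  # simplification: no signature check
        out.append("self_signed")
    if now > cert["not_after"]:
        out.append("expired")
    if "serverAuth" not in cert["eku"]:  # assumption: type is judged by EKU
        out.append("wrong_type")
    if is_ip(ssl_domain):
        out.append("ip_domain")
    elif not any(host_matches(n, ssl_domain) for n in cert["san"]):
        out.append("fqdn_mismatch")
    return out

def decide(cert, ssl_domain, policy, now):
    """Block as soon as one failed check is set to Block (assumed composition)."""
    failed = findings(cert, ssl_domain, now)
    blocked = any(policy[f] == BLOCK for f in failed)
    return (BLOCK if blocked else CONTINUE), failed

# Constructed sample data, not taken from a real device or capture.
NOW = datetime(2016, 6, 1, tzinfo=timezone.utc)
POLICY = {"self_signed": BLOCK, "expired": BLOCK, "wrong_type": BLOCK,
          "fqdn_mismatch": BLOCK, "ip_domain": CONTINUE}
USER_CERT = {"subject": "CN=alice", "issuer": "CN=Example CA",
             "not_after": datetime(2017, 1, 1, tzinfo=timezone.utc),
             "eku": ["clientAuth"], "san": ["*.example.test"]}

if __name__ == "__main__":
    print(decide(USER_CERT, "www.example.test", POLICY, NOW))
```

Returning the list of failed checks alongside the action shows which Continue settings are silently accepting a defect, which is the part worth logging when any check is relaxed.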
SNS - USER CONFIGURATION MANUAL V.3
sns-en-user_configuration_manual-v3 - Copyright © Stormshield 2016
PROTOCOLS
