finjan NG-8000 User Manual

Integrated SSL Scanning
Software Version 9.0


Summary of Contents for finjan NG-8000

  • Page 1 Integrated SSL Scanning Software Version 9.0...
  • Page 2 © Copyright 1996-2008. Finjan Software Inc. and its affiliates and subsidiaries (“Finjan”). All rights reserved. All text and figures included in this publication are the exclusive property of Finjan and are for your personal and non-commercial use. You may not modify, copy, distribute,...
  • Page 3: Table of Contents

    Introduction; HTTPS Scanning; On the Fly Certificate Generation; Certificate Validation; SSL Certificate Errors; HTTPS Policies; Configuring HTTPS Support; HTTPS Configurable Parameters; Transparent HTTPS ...
  • Page 4: Introduction

    HTTPS. HTTPS configuration can be carried out system wide or per Scanning Server. In addition to the scanning solution for HTTP traffic, Finjan also provides certificate validation functionality. This ensures that corporate policies regarding certificates are enforced by automatically validating each certificate and ensuring that the chain goes back to the trusted authority.
  • Page 5: Certificate Validation

    A list of trusted certificate authorities is supplied with the system and used for digital signature analysis and for HTTPS certificate validation. Digital certificate lists are updated via Finjan security updates. These lists include the required trusted certificate authorities as well as the Certificate Revocation Lists (CRLs).
  • Page 6 Format error in CRL's lastUpdate field: The CRL lastUpdate field contains an invalid time. Format error in CRL's nextUpdate field: The CRL nextUpdate field contains an invalid time. Certificate revoked: The certificate has been revoked. Page 3 Finjan proprietary and confidential...
  • Page 7 Root certificate could not be found locally: The certificate chain could be built up using the untrusted certificates but the root could not be found locally. ...
  • Page 8 Key usage does not include certificate signing: The current candidate issuer certificate was rejected because its keyUsage extension does not permit certificate signing. ...
  • Page 9: SSL Certificate Errors

    Scanning Server. The Scanning Server uses the certificate it generated (as described above). As the certificate is self-signed by Finjan, and is not trusted by the end-user’s browser, the user will get a warning message:...
  • Page 10 The following procedures are relevant for Vital Security Software Versions 8.5.0, 8.5.0-M01 and 9.0: To install Finjan’s certificate as a trusted root CA: Paste the certificate below into an empty file and save it as Finjan.cer ...
  • Page 11 Click the Trusted Root Certification Authorities tab and then click the Import button. Click Next and then Browse. Navigate to the Finjan.cer file and click Open followed by Next, Next and Finish. NOTE: For Microsoft based networks, it is possible to install the certificate for all the users at once using the Microsoft Group Policy Manager Console.
  • Page 12 Click on Install Certificate. The Certificate Import Wizard opens. Navigate through the wizard till the end. The Finjan certificate is now added to the browser’s trusted sites list. You can check it is there by navigating in your browser to Tools → ...
  • Page 13 To install the root certificate on the Scanning Server: Connect to the Management Console via the web browser. Navigate to Administration → System Settings → Finjan Devices. Click the IP address. Under Scanning Server right-click HTTPS and select Import Root Certificate.
  • Page 14: HTTPS Policies

    To configure HTTPS scanning, navigate in the Management Console to Administration → System Settings → Finjan Devices → HTTPS. ...
  • Page 15: HTTPS Configurable Parameters

    Allow Certificate Wildcards: Allows support for Certificate Wildcards. The Certificate Wildcard works in conjunction with an existing Certificate Validation rule. This means that only if there is a policy with a Certificate validation rule will the wildcard support be relevant. ...
  • Page 16 The default value is 36. HTTPS Timeout: Defines (in seconds) the amount of time after which an idle connection is timed out. Figure 6 - HTTPS Advanced Settings ...
  • Page 17: Transparent HTTPS

    In this case, a firewall policy can redirect all HTTPS traffic to the Scanning Server. NOTE: User authentication is not supported in conjunction with Transparent HTTPS. User identification is based on the source IP address only. ...
  • Page 18 Transparent HTTPS Scanning and Finjan’s Certificate: Although HTTPS Scanning is transparent to the end user, it is still mandatory to install the SSL certificate of the Scanning Server on the end user’s PC in order to prevent the security warnings. When the end user browses an HTTPS site, the Scanning Server generates an on-the-fly certificate, signs the certificate and sends it to the end user.

This manual is also suitable for:

NG-6000, NG-5000