Before you begin
If you upgraded from a release that did not have SSL decryption policies, but you had configured the identity policy with active authentication rules, the SSL decryption policy is already enabled. Ensure that you select the Decrypt Re-Sign certificate you want to use, and optionally enable pre-defined rules.
Review Configuring SSL Decryption Policies if you have not already.
Procedure
Step 1 | In the left pane, click . |
Step 2 | Click the Devices tab to locate the device or the Templates tab to locate the model device. |
Step 3 | Click the FTD tab and the device for which you want to enable the SSL Decryption policy. |
Step 4 | Click Policy in the Management pane at the right. |
Step 5 | Click SSL Decryption in the policy bar. |
Step 6 | Click the SSL Decryption toggle in the SSL bar to enable the SSL Decryption policy. |
Step 7 | For Select Decrypt Re-Sign Certificate, select the internal CA certificate to use for rules that implement decryption with re-signed certificates. You can use the pre-defined NGFW-Default-InternalCA certificate, or one that you created or uploaded. If the certificate does not yet exist, click Create to add an FDM-managed device internal CA certificate. If you have not already installed the certificate in client browsers, click the download button to obtain a copy. See the documentation for each browser for information on how to install the certificate. Also see Downloading the CA Certificate for Decrypt Re-Sign Rules. |
Step 8 | Click Save. |
Step 9 | Continue with Configure the Default SSL Decryption Action to set the default action for the policy. |
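Once the Decrypt Re-Sign certificate is installed on clients, you can confirm that a flow is being decrypted by checking that the certificate the client receives chains to that internal CA. The script below is an added example, not part of the product documentation; the function names `is_ca` and `resigned_by` are hypothetical, and the CA, leaf, and unrelated certificates are constructed locally so the check runs offline.

```shell
#!/usr/bin/env bash
# Added example. Every name, subject and file below is constructed for the demo.

# is_ca CERT: succeeds if CERT carries basicConstraints CA:TRUE, which an
# internal CA certificate used for Decrypt Re-Sign must have.
is_ca() {
  openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

# resigned_by CA LEAF: succeeds only if LEAF chains to CA. -no-CApath keeps the
# system trust store out of the decision, so a certificate that still carries
# the site's original issuer fails the check.
resigned_by() {
  openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# make_demo: builds a stand-in internal CA, a leaf it signed (what a client
# sees on a decrypted flow) and an unrelated certificate (an undecrypted flow).
make_demo() {
  DEMO_DIR=$(mktemp -d) || return 1
  d=$DEMO_DIR
  printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3' 'prompt=no' \
    '[dn]' 'CN=Example-InternalCA' '[v3]' 'basicConstraints=critical,CA:TRUE' > "$d/req.cnf"
  openssl req -x509 -new -newkey rsa:2048 -nodes -days 2 -config "$d/req.cnf" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -config "$d/req.cnf" \
    -subj '/CN=www.example.test' -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 2 -out "$d/leaf.pem" 2>/dev/null
  openssl req -x509 -new -newkey rsa:2048 -nodes -days 2 -config "$d/req.cnf" \
    -subj '/CN=other.example.test' -keyout "$d/other.key" -out "$d/other.pem" 2>/dev/null
}

make_demo
trap 'rm -rf "$DEMO_DIR"' EXIT
for c in leaf other; do
  if resigned_by "$DEMO_DIR/ca.pem" "$DEMO_DIR/$c.pem"; then
    echo "$c.pem: re-signed by the internal CA"
  else
    echo "$c.pem: not issued by the internal CA"
  fi
done
```

With real files, pass the downloaded CA certificate as the first argument to `resigned_by` and a server certificate saved from the client as the second.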