Chapter 7 Firewall for FortiOS 5.0 : Firewall objects : SSL/SSH Inspection : Creating a new SSL/SSH Inspection profile
  
Creating a new SSL/SSH Inspection profile
1. Go to Policy > Policy > SSL/SSH Inspection.
2. In the Name field give the profile a name.
3. In the Comments field you can optionally include a brief description of the profile.
SSL Inspection Options
4. Use the drop-down menu for the CA Certificate field to choose the SSL Certificate to be used by Policies that are associated with this profile.
5. Choose between:
a. Inspecting all SSL protocol ports -- enable the check box
b. Enabling only specific SSL protocol ports -- enable each of the following protocols that you intend to inspect:
HTTPS
SMTPS
POP3S
IMAPS
FTPS
You can optionally edit the TCP/IP port numbers that you expect the traffic to be travelling over.
SSH Inspection Options
6. Choose whether or not to enable SSH Deep Scan. If yes, enable the check box.
Once the check box is enabled, a window appears for configuring:
SSH - across any port or only the specified one.
Exec - Block, Log or neither. Select using check boxes.
Port-Forward - Block, Log or neither. Select using check boxes.
SSH-Shell - Block, Log or neither. Select using check boxes.
X11-Filter - Block, Log or neither. Select using check boxes.
Common Options
7. Choose whether to Allow Invalid SSL Certificates. If yes, enable the check box.
8. Select OK.
 
The Enable SSH Deep Scan feature is enabled by default when creating a new SSL/SSH Inspection profile. There are situations where this feature can cause issues, so be sure that you want it enabled before applying it.
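
One way to review an exported configuration for the choices this procedure asks you to make (an added example, not Fortinet's code). It assumes the FortiOS 5.0 CLI stores these profiles under `config firewall deep-inspection-options` with per-protocol `status` and `allow-invalid-server-cert` options; confirm those names against your own backup. The sample text and the function names `parse_profiles` and `review` are constructed.

```python
import re

# Constructed sample in FortiOS backup syntax. The object and option names are
# assumptions about the FortiOS 5.0 CLI; "Example_CA" is a placeholder name.
SAMPLE = '''
config firewall deep-inspection-options
    edit "branch-office"
        set caname "Example_CA"
        config https
            set ports 443
            set status enable
            set allow-invalid-server-cert enable
        end
    next
end
'''

def parse_profiles(text):
    """Return {profile: {section: {option: value}}}; section '' holds profile-level options."""
    profiles, profile, section = {}, None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r'edit "?([^"]+)"?', line):
            profile = profiles.setdefault(m.group(1), {"": {}})
        elif profile is not None and (m := re.fullmatch(r"config (\S+)", line)):
            section = m.group(1)
            profile[section] = {}
        elif profile is not None and (m := re.fullmatch(r"set (\S+) (.+)", line)):
            profile[section][m.group(1)] = m.group(2).strip('"')
        elif line == "end":
            section = ""   # closes a protocol block (or the outer object)
        elif line == "next":
            profile = None  # closes the current profile
    return profiles

def review(profiles):
    """List (profile, finding) pairs for settings that deserve a second look."""
    findings = []
    for name, sections in profiles.items():
        if not sections[""].get("caname"):
            findings.append((name, "no CA certificate selected"))
        # A missing SSH status is treated as the documented default: enabled.
        if sections.get("ssh", {}).get("status", "enable") == "enable":
            findings.append((name, "SSH deep scan enabled (the default): confirm it is intended"))
        for proto, opts in sections.items():
            if opts.get("allow-invalid-server-cert") == "enable":
                findings.append((name, f"{proto}: invalid server certificates allowed"))
    return findings

print(review(parse_profiles(SAMPLE)))
```
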