Technical Documentation

Disabling SSL Inspection

Problem

If necessary, you can disable SSL inspection so that HTTPS sessions are passed through the IDP Series device uninspected. If you would rather drop such sessions, you must create a security policy rule that matches the HTTPS traffic and uses the drop action.

Solution

Follow the procedure for the SSL inspection method you want to disable:

  • Inspection using the internal server private key
  • Inspection using the forward proxy feature

To disable the method that uses the internal server private key:

  1. Log into the CLI as admin and enter su - to switch to root.
  2. Enter the following command to disable decryption:

    [root@defaulthost admin]# scio const -s s0 set sc_ssl_decryption 0
    scio: setting sc_ssl_decryption to 0x0

Tip: This setting does not survive a restart on its own. To make it persistent, add the command to the user_funcs file, or change the setting in NSM and push the update to the IDP Series device.

To disable inspection using the forward proxy feature:

  1. Log into the CLI as admin and enter su - to switch to root.
  2. Delete the certificate authority:

    [root@defaulthost admin]# scio ssl ca delete
    [root@defaulthost admin]#

Published: 2010-01-12