Configuring a Default SSL Proxy Profile

You can configure a default profile for an SSL proxy to manage conflicts when a security policy lookup returns a list of policies before the final application is identified. The initial policy lookup phase occurs prior to identifying a dynamic application. If there are multiple policies present in the potential policy list that contain different SSL proxy profiles, then the SRX Series device applies the default profile until a suitable match is established. You can configure a default SSL proxy profile for both SSL forward and reverse proxy.

If a policy conflict occurs and no default SSL proxy profile is available, the sessions are dropped.
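The following sketch models the conflict handling described above so that you can check a rule base for zone pairs that depend on the default profile. It is an added example, not Juniper or Security Director code. The policy names, zone names, application labels, and profile names are constructed, and two behaviors are assumptions: candidates are matched on zone pair only, and candidates that share one profile are treated as having no conflict.

```python
"""Added example: simplified model of default SSL proxy profile selection."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Policy:
    name: str
    from_zone: str
    to_zone: str
    dynamic_app: str            # usable only after the application is identified
    ssl_profile: Optional[str]  # SSL proxy profile attached to the policy


# Constructed sample rule base (hypothetical names).
POLICIES = [
    Policy("web-strict", "trust", "untrust", "SOCIAL", "fwd-strict"),
    Policy("web-finance", "trust", "untrust", "BANKING", "fwd-exempt-finance"),
    Policy("dmz-portal", "untrust", "dmz", "PORTAL", "rev-portal"),
    Policy("dmz-api", "untrust", "dmz", "API", "rev-portal"),
]


def potential_policies(policies, from_zone, to_zone):
    """Initial lookup: the dynamic application is unknown, so every policy
    for the zone pair is a candidate (assumption: zones are the only match)."""
    return [p for p in policies if (p.from_zone, p.to_zone) == (from_zone, to_zone)]


def initial_ssl_profile(candidates, default_profile):
    """Return (action, profile) for the phase before the final match."""
    profiles = {p.ssl_profile for p in candidates if p.ssl_profile}
    if len(profiles) <= 1:
        # Assumption: one shared profile (or none) means there is no conflict.
        return ("apply", next(iter(profiles), None))
    if default_profile is None:
        return ("drop", None)   # conflict and no default profile: session dropped
    return ("apply-default", default_profile)


def audit(policies, default_profile):
    """Map each zone pair to the outcome of the initial lookup."""
    pairs = sorted({(p.from_zone, p.to_zone) for p in policies})
    return {pair: initial_ssl_profile(potential_policies(policies, *pair),
                                      default_profile) for pair in pairs}


if __name__ == "__main__":
    for pair, outcome in audit(POLICIES, default_profile=None).items():
        print(pair, outcome)
```

Running the audit with default_profile=None lists the zone pairs whose sessions would be dropped until a default SSL proxy profile is configured.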

Creating a Default SSL Proxy Profile

To create a default SSL proxy profile:

Procedure

  1. Select Configure > Firewall Policy > <Standard/Unified> Policies.

    The policies page is displayed.

  2. Click Global Options.

    The Global Options page is displayed.

  3. Click the + icon to create a default SSL proxy profile.

    The Create SSL Proxy page is displayed.

  4. Configure the parameters according to the guidelines in Table 163.
  5. Click OK.

    The default SSL proxy profile is added. If the selected profile is already available as default, then an error message is displayed.

Table 163: Create SSL Proxy

  Fields              Description

  Default SSL
  Profile             Select a reverse proxy profile or a forward proxy profile as the default SSL proxy profile.
  Description         Enter a description for the default SSL proxy profile.

  Device Selection
  Device Selection    Select the devices on which the default SSL proxy profile is applied.

Editing a Default SSL Proxy Profile

Procedure

To edit a default SSL proxy profile:

  1. Select Configure > Firewall Policy > <Standard/Unified> Policies.

    The policies page is displayed.

  2. Click Global Options.

    The Global Options page is displayed.

  3. Select a default SSL proxy profile, right-click and select Edit or click the pencil icon.
  4. Edit the fields and click OK.

Updating a Default SSL Profile on a Device

Procedure

To update a default SSL proxy on a device:

  1. Select Configure > Firewall Policy > <Standard/Unified> Policies.

    The policies page is displayed.

  2. Click Global Options.

    The Global Options page is displayed.

  3. Select a default SSL profile and click Update.

    The Update SSL Proxy page is displayed.

  4. Select a proxy and click Update.

    You can view the configuration in the CLI and XML formats for the corresponding device.

Note: Before you update the default SSL proxy, at least one firewall rule must be configured with SSL proxy and deployed on the device. Only then can you update a default SSL profile successfully.

Deleting a Default SSL Proxy Profile

Procedure

To delete a default SSL proxy profile:

  1. Select Configure > Firewall Policy > <Standard/Unified> Policies.

    The policies page is displayed.

  2. Click Global Options.

    The Global Options page is displayed.

  3. Select a default SSL proxy profile and click Delete. The Delete option is also available when you right-click an SSL proxy profile or click More.

    The Delete SSL Profile page is displayed.

  4. Select an option to delete the default SSL profile from Security Director or from both Security Director and the device.
  5. Click OK.

    A confirmation message is displayed.

  6. Click Yes to delete the default SSL proxy profile.

Note: When a device is imported with a default SSL proxy configuration, the configured default SSL proxy is listed on the Global Options page.