    Disabling SSL Inspection

    Problem

    If necessary, you can disable SSL inspection so that HTTPS sessions are passed through the IDP Series device uninspected. If you would rather drop such sessions, you must create a security policy rule that matches the HTTPS traffic and uses the drop action.

    Solution

    Follow the procedure for the SSL inspection method you want to disable:

    • Inspection using the internal server private key
    • Inspection using the forward proxy feature

    To disable the method that uses the internal server private key:

    1. Log in to the CLI as admin and enter su - to switch to root.
    2. Enter the following command to disable decryption:

      [root@defaulthost admin]# scio const -s s0 set sc_ssl_decryption 0
      scio: setting sc_ssl_decryption to 0x0

    Tip: To make your setting persistent across restarts, modify the user_funcs file, or modify the setting in NSM and push the update to the IDP Series device.

    To disable inspection using the forward proxy feature:

    1. Log in to the CLI as admin and enter su - to switch to root.
    2. Delete the certificate authority:

      [root@defaulthost admin]# scio ssl ca delete
      [root@defaulthost admin]#

    Published: 2011-02-08