Configuring a Default SSL Proxy Profile
You can configure a default profile for an SSL proxy to manage conflicts when a security policy lookup returns a list of policies before the final application is identified. The initial policy lookup phase occurs prior to identifying a dynamic application. If there are multiple policies present in the potential policy list that contain different SSL proxy profiles, then the SRX Series device applies the default profile until a suitable match is established. You can configure a default SSL proxy profile for both SSL forward and reverse proxy.
If no default SSL proxy profile is available, sessions are dropped when a policy conflict occurs.
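The following added example (not Juniper or Security Director code) audits a rule set for the condition described above: rules that reference different SSL proxy profiles while no default profile is set, which is the case where sessions are dropped. It assumes, as a simplification, that rules sharing a zone pair can appear together in the potential policy list, which over-reports; the rule and profile names are constructed.

```python
from collections import defaultdict

# Constructed sample rules, not exported from a real device:
# (rule name, from-zone, to-zone, SSL proxy profile or None)
SAMPLE_RULES = [
    ("allow-web",    "trust",   "untrust", "fwd-inspect"),
    ("allow-social", "trust",   "untrust", "fwd-inspect-strict"),
    ("allow-dns",    "trust",   "untrust", None),
    ("publish-app",  "untrust", "dmz",     "rev-app01"),
]

def conflicting_zone_pairs(rules):
    """Map each zone pair to its SSL proxy profiles when more than one is referenced.

    Assumption: rules on the same zone pair may share a potential policy list.
    """
    profiles = defaultdict(set)
    for _name, src, dst, profile in rules:
        if profile is not None:
            profiles[(src, dst)].add(profile)
    return {pair: sorted(p) for pair, p in profiles.items() if len(p) > 1}

def interim_outcome(candidate_profiles, default_profile):
    """Outcome before the dynamic application is identified, per the text above."""
    distinct = {p for p in candidate_profiles if p is not None}
    if len(distinct) <= 1:
        return ("no-conflict", None)      # nothing for the default to resolve
    if default_profile is None:
        return ("drop", None)             # conflict and no default: session dropped
    return ("apply", default_profile)     # conflict: default used until a match is made

def audit(rules, default_profile):
    """List (zone pair, profiles, action, profile applied) for each conflicting pair."""
    findings = []
    for pair, profs in sorted(conflicting_zone_pairs(rules).items()):
        action, applied = interim_outcome(profs, default_profile)
        findings.append((pair, profs, action, applied))
    return findings

if __name__ == "__main__":
    for default in (None, "fwd-inspect"):
        print(f"default profile = {default!r}")
        for pair, profs, action, applied in audit(SAMPLE_RULES, default):
            print(f"  {pair[0]} -> {pair[1]}: {profs} => {action} {applied or ''}")
```

A `drop` finding marks a zone pair where a default SSL proxy profile should be created before the rules are deployed.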
Creating a Default SSL Proxy Profile
To create a default SSL proxy profile:
- Select Configure > Firewall Policy > <Standard/Unified> Policies.
The policies page is displayed.
- Click Global Options.
The Global Options page is displayed.
- Click the + icon to create a default SSL proxy profile.
The Create SSL Proxy page is displayed.
- Configure the parameters according to the guidelines in Table 1.
- Click OK.
The default SSL proxy profile is added. If the selected profile is already available as default, then an error message is displayed.
Table 1: Create SSL Proxy
Fields | Description |
---|---|
Default SSL | |
Profile | Select a reverse proxy profile or a forward proxy profile as the default SSL proxy profile. |
Description | Enter a description for the default SSL proxy profile. |
Device Selection | |
Device Selection | Select the devices on which the default SSL proxy profile is applied. |
Editing a Default SSL Proxy Profile
To edit a default SSL proxy profile:
- Select Configure > Firewall Policy > <Standard/Unified> Policies.
The policies page is displayed.
- Click Global Options.
The Global Options page is displayed.
- Select a default SSL proxy profile, right-click and select Edit or click the pencil icon.
- Edit the fields and click OK.
Updating a Default SSL Profile on a Device
To update a default SSL proxy on a device:
- Select Configure > Firewall Policy > <Standard/Unified> Policies.
The policies page is displayed.
- Click Global Options.
The Global Options page is displayed.
- Select a default SSL profile and click Update.
The Update SSL Proxy page is displayed.
- Select a proxy and click Update.
You can view the configuration in the CLI and XML formats for the corresponding device.
Before updating a default SSL proxy, at least one firewall rule must be configured with SSL proxy and deployed on the device. Only then can you update a default SSL profile successfully.
Deleting a Default SSL Proxy Profile
To delete a default SSL proxy profile:
- Select Configure > Firewall Policy > <Standard/Unified> Policies.
The policies page is displayed.
- Click Global Options.
The Global Options page is displayed.
- Select a default SSL proxy profile and click Delete. The Delete option is also available when you right-click an SSL proxy profile or click More.
The Delete SSL Profile page is displayed.
- Select an option to delete the default SSL profile from Security Director or from both Security Director and the device.
- Click OK.
A confirmation message is displayed.
- Click Yes to delete the default SSL proxy profile.
When a device is imported with a default SSL proxy configuration, the configured default SSL proxy is listed on the Global Options page.