Creating SSL Proxy Policy Intents

You can configure an SSL proxy policy intent inline on the SSL Proxy Policy page. An SSL proxy policy intent enables you to configure an SSL proxy between source and destination endpoints by associating the latter with an SSL proxy profile.

To create an SSL proxy policy intent:

Select Configuration > SSL Proxy > Policy in Customer Portal.
The SSL Proxy Policy page appears.
Click the add icon (+).
The options to create policy intents appear inline on the SSL Proxy Policy page.
Enter the policy intent information according to the guidelines provided in Table 1
Click Save.
The SSL proxy policy intent is saved and a confirmation message is displayed.

Note:
After the policy intent is created, you must deploy the policy to ensure that the changes take effect on the applicable sites. When an SSL proxy policy intent is created, the Undeployed field is incremented by one indicating that intents are pending deployment.

Table 1: Create SSL Proxy Policy Intent Settings
Setting	Guideline
Source	A source endpoint can be an IP address, an IP address group, a site, a site group, or a department, or or a combination of these. Note: A source IP address value of Any signifies any IP address from any site. Specify one or more source endpoints in one of the following ways: Click the add icon (+) and select the endpoints from the list of previously configured endpoints. Filter the endpoints by entering a search term or one or more predefined keywords in the Source field and select one or more endpoints. Table 2 displays the list of predefined keywords. Click the View more results link to view additional configured endpoints. The list of endpoints is displayed in the End Points panel on the right. Do one of the following: To add one endpoint at a time, select an endpoint and click the check mark icon (✓) that appears when you hover over the endpoint. To add multiple endpoints, select one or more endpoints that you want to add, click the check mark icon (✓) at the top of the End Points panel, and select Source. Filter the endpoints by entering a search term or one or more predefined keywords in the End Points field and select one or more endpoints. Table 2 displays the list of predefined keywords. Note: You can also create endpoints by clicking the add icon (+) in the End Points panel. Table 3 displays the endpoints that can be created.
Destination	A destination endpoint can be an IP address, an IP address group, a site, a site group, or a department, or or a combination of these. Note: A destination IP address value of Any signifies traffic going to the Internet (any address). Traffic within sites (internal traffic) is not covered by the destination IP address value of Any. If you want to cover traffic between two sites, ensure that the sites are included in both the source and destination endpoints. Specify one or more destination endpoints in one of the following ways: Click the add icon (+) and select the endpoints from the list of previously configured endpoints. Filter the endpoints by entering a search term or one or more predefined keywords in the Destination field and select one or more endpoints. Table 2 displays the list of predefined keywords. Click the View more results link to view additional configured endpoints. The list of endpoints is displayed in the End Points panel on the right. Do one of the following: To add one endpoint at a time, select an endpoint and click the check mark icon (✓) that appears when you hover over the endpoint. To add multiple endpoints, select one or more endpoints that you want to add, click the check mark icon (✓) at the top of the End Points panel, and select Destination. Filter the endpoints by entering a search term or one or more predefined keywords in the End Points field and select one or more endpoints. Table 2 displays the list of predefined keywords. Note: You can also create endpoints by clicking the add icon (+) in the End Points panel. Table 3 displays the endpoints that can be created.
SSL Proxy Profile	Specify an SSL proxy profile to associate with the SSL proxy policy intent in one of the following ways: Click the add icon (+) and select the SSL proxy profile from the list of previously configured profiles. Filter the profiles by entering a search term in the SSL Proxy Profile field and select a profile. Create a SSL proxy profile—Click the Add New Profile link. The Create SSL Proxy Profiles page appears. SeeCreating SSL Forward Proxy Profiles. Note: You can also create profiles by clicking the add icon (+) in the End Points panel and selecting SSL Proxy Profiles. Click the View more results link to view additional configured profiles. The list of SSL proxy profiles is displayed in the End Points panel on the right. To add a profile, select it and click the check mark icon (✓) that appears when you hover over the profile.
Details	Enter the name of the SSL proxy policy intent in the first text box. If you do not enter a name, the system-generated name is used. The name that you enter must begin with an alphanumeric character and can contain alphanumeric characters and some special characters (- _). The maximum length is 63 characters. Enter the description of the SSL proxy policy intent in the second text box.

Table 2: Keywords for Filtering Endpoints
Endpoint	Keyword	Applicable to
Address or Address Group	addr or ADDR	Source Destination
Site	site or SITE	Source Destination
Site Group	stgp or STGP	Source Destination
Department	dept or DEPT	Source Destination

Table 3: Creating Endpoints
Endpoint	Procedure
Address or Address Group	Click the add icon (+) and select Address. The Create Addresses page appears. See Creating Addresses or Address Groups.
Site Group	Click the add icon (+) and select Site Group. The Create Site Group page appears. See Creating Site Groups.
Department	Click the add icon (+) and select Department. The Create Department page appears. See Add a Department.

Creating SSL Proxy Policy Intents

Related Documentation