TLS/SSL Rule Conditions Overview
A basic TLS/SSL rule applies its rule action to all encrypted traffic inspected by the device. To better control and decrypt encrypted traffic, you can configure rule conditions to handle and log specific types of traffic. Each TLS/SSL rule can contain 0, 1, or more rule conditions; a rule matches traffic only if the traffic matches every condition in that TLS/SSL rule.
Note: When traffic matches a rule, the device applies the configured rule action to the traffic. When the connection ends, the device logs the traffic if configured to do so.
Each rule condition allows you to specify one or more properties of traffic you want to match against; these properties include details of:
- The flow of traffic, including the security zone through which it travels, IP address and port, country of origin or destination, and origin or destination VLAN.
- The user associated with a detected IP address.
- The traffic payload, including the application detected in the traffic.
- The connection encryption, including the TLS/SSL protocol version, cipher suite, and server certificate used to encrypt the connection.
- The category and reputation of the URL specified in the server certificate's distinguished name.