SSL Servers

Server DPI-SSL allows you to configure pairings of an address object and certificate to typically offload/protect an internal Server from inbound WAN access. Options include:

• Address Object/Group - When the appliance detects SSL connections (from the WAN) to this address object, it presents the paired certificate and negotiates SSL with the connecting client (typically in the WAN).
• SSL Certificate - This certificate is used to sign traffic for each server that has DPI-SSL Server inspection performed on its traffic
• Cleartext - If Cleartext is selected, a standard TCP connection is made from the appliance to the server (in the LAN) on the original port. For this to work, a NAT policy needs to be added. If the pairing is not cleartext, then an SSL connection to the server is negotiated.

To view and manage certificates, go to DEVICE | Settings > Certificates.