1st: You can't use multiple client-side TLS decryption profiles at the same time on the same firewall engine.
2nd: If you import a PKI CA cert into the SMC, you have to set the certificate issuer's CA root cert as a trusted CA.
3rd: They take a totally different approach and define the lifetime of the MiTM forged certificate as a duration. This value seems to default to 120 min regardless of the CA root lifetime value, which defaults to 1 year.
4th: Unlike in PAN-OS, you don't have the means to opt out of TLS inspection or provide a notice to the end user.
And lastly, you have to use an "HTTPS with decryption" service in the policy access rule.
e.g
NSE (network security expert) and Route/Switching Engineer
kfelix -----a----t---- socpuppets ---dot---com
^ ^
=( @ @ )=
o
/ \