Configure TLS inspection for server protection

If you want to inspect TLS traffic for which an internal server is the destination, you must create a TLS Credentials element to store the private key and certificate of the server.

The private key and certificate allow the firewall to decrypt TLS traffic for which the internal server is the destination so that it can be inspected. The certificate and the associated private key must be compatible with OpenSSL and be in PEM format. Make sure that the server’s private key and certificate are accessible from the computer where you use the Management Client.

When a TLS Credentials element is used in TLS inspection, the private key and certificate allow the Firewall, IPS engine, Layer 2 Firewall, or Virtual Firewall to decrypt TLS traffic for which the internal server is the destination so that it can be inspected.
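
A pre-import check for the PEM and OpenSSL-compatibility requirement above, as an added example that is not part of the product documentation. The function name `check_tls_credentials` and its return codes are assumptions made for this example, and it also confirms that the key belongs to the certificate, which goes beyond what the page states.

```shell
#!/bin/sh
# Added example: pre-import check for a server certificate and private key.
# check_tls_credentials and its return codes are assumptions for this example.
#   0 = PEM, parsed by OpenSSL, key matches certificate
#   2 = file not readable      3 = not PEM
#   4 = OpenSSL cannot parse   5 = key does not belong to certificate
check_tls_credentials() {
    cert=$1
    key=$2

    [ -r "$cert" ] && [ -r "$key" ] || { echo "cannot read input files" >&2; return 2; }

    # PEM files carry a text armor line; DER and PKCS#12 files do not.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$cert" ||
        { echo "$cert: not a PEM certificate" >&2; return 3; }
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key" ||
        { echo "$key: not a PEM private key" >&2; return 3; }

    # Let OpenSSL parse both files and emit the public key of each.
    # -passin pass: stops OpenSSL from prompting; a passphrase-protected key fails here.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "$cert: OpenSSL cannot parse the certificate" >&2; return 4; }
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) ||
        { echo "$key: OpenSSL cannot parse the key without a passphrase" >&2; return 4; }

    # The pair is usable only if both files describe the same public key.
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "private key does not match the certificate" >&2; return 5; }

    echo "OK: PEM certificate and matching private key"
}

# Stand-alone use: sh check_tls_credentials.sh server.crt server.key
if [ "$#" -eq 2 ]; then
    check_tls_credentials "$1" "$2"
fi
```

A DER-encoded certificate or a key from a different key pair is reported before the files are loaded into a TLS Credentials element.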