Enable TLS inspection in a custom HTTPS Service

Create a custom HTTPS Service element and use it for TLS inspection.

The default HTTPS (with decryption) Service element enables the decryption of HTTPS traffic that uses the default port 443, excluding the domains that are specified in the Default HTTPS Inspection Exceptions. If the default HTTPS (with decryption) Service element meets your needs, you can use the default HTTPS (with decryption) Service element in the Access rules without modification.

You must create a custom HTTPS Service in the following cases:
  • To enable decryption for HTTPS traffic that uses a different port
  • To select a different HTTPS Inspection Exceptions element
  • To log the URLs in matching traffic
  • To change any of the other settings in the Service Properties

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Configuration.
  2. Select Other Elements > Services > TCP.
    A list of TCP Services opens on the right.
  3. Right-click the default HTTPS (with decryption) Service, then select New > Duplicate.
    The TCP Service Properties dialog box opens with the properties of the HTTPS Service.
  4. Enter a unique Name for the custom Service.
  5. (Optional) If traffic uses a different port than the default port 443, enter the port number in the first Dst. Ports field.
  6. Click the Protocol Parameters tab.
  7. (Optional) Click Select next to the HTTPS Inspection Exceptions field, then select an HTTPS Inspection Exceptions element.
  8. (Optional) To log the URLs in matching traffic, select Yes for Logging of Accessed URLs.
  9. Click OK.