Default TLS inspection elements
The SMC has default elements that can be used for TLS inspection. The default elements cannot be edited, but can be duplicated and then edited.
- The Default HTTPS Inspection Exceptions element is an HTTPS Inspection Exceptions element that excludes domains used by the SMC and the engines from decryption and inspection. You cannot edit the Default HTTPS Inspection Exceptions element. If you have to make changes, you can duplicate the Default HTTPS Inspection Exceptions element and edit the copy.
- The default HTTPS (with decryption) Service element enables the decryption of HTTPS traffic that uses the default port 443, excluding the domains that are specified in the Default HTTPS Inspection Exceptions. You cannot edit the default HTTPS (with decryption) Service element. If you have to make changes, you can duplicate the HTTPS (with decryption) Service element and edit the copy.
- There are predefined Trusted Certificate Authority elements that represent the signing certificates of major certificate authorities. Default Trusted Certificate Authority elements are automatically added from dynamic update packages and cannot be edited or deleted. When client protection is used, the engine checks whether the certificate of an external server was signed by one of the Trusted Certificate Authorities. You can also create your own Trusted Certificate Authority elements to represent other certificate authorities that the engine should consider trusted.