TLS Traffic Inspection Parent topic

Important
Important
To use TLS traffic inspection, your Deep Discovery Inspector appliance must support inline deployment. For details, see the Installation and Deployment Guide.
Use TLS traffic inspection with Deep Discovery Inspector deployed inline to decrypt and inspect TLS traffic. TLS traffic inspection supports IPv4, VLAN, and TLS. When Deep Discovery Inspector is deployed inline and TLS traffic inspection is not enabled, traffic flowing through the inline ports is not inspected.
Deep Discovery Inspector does not support inline and out-of-band deployment at the same time. To inspect traffic, you must either enable TLS traffic inspection and use the inline ports, or disable TLS traffic inspection and mirror traffic to the data ports.
Deep Discovery Inspector does not have the ability to block traffic. Deep Discovery Inspector can only inspect traffic.
Use the following screens to configure TLS traffic inspection.
  • To configure general TLS traffic inspection settings, go to Inspection Settings screen.
    For details, see Inspection Settings.
  • To configure certificates for TLS traffic inspection, go to the Certificate Management screen.
    Note
    Note
    You must configure a Trusted CA Certificate and Signing Certificate for TLS traffic inspection.
    For details, see Certificate Management.
  • To configure the decryption policy for TLS traffic inspection, go to the Decryption Policy screen.
    For details, see Decryption Policy.
To view the amount of TLS traffic decrypted by Deep Discovery Inspector, see the "appliance information at a glance" section or the Monitored Network Traffic in Past 30 Days widget. For details see, Monitored Network Traffic in Past 30 Days and Management Console.
Note
Note
When TLS traffic inspection is enabled, scanned traffic in Deep Discovery Inspector refers to traffic that flowed through the inline ports and was decrypted by Deep Discovery Inspector