 |
ImportantTo use TLS traffic inspection, your Deep Discovery Inspector appliance must support inline deployment. For details, see
the Installation and Deployment Guide.
|
Use TLS traffic inspection with Deep Discovery Inspector deployed inline to decrypt and inspect TLS traffic. TLS traffic
inspection supports IPv4, VLAN, and TLS. When Deep Discovery Inspector is deployed inline and
TLS traffic inspection is not enabled, traffic flowing through the inline ports is
not
inspected.
Deep Discovery Inspector does not support inline
and out-of-band deployment at the same time. To inspect traffic, you must either enable
TLS traffic inspection and use the inline ports, or disable TLS traffic inspection
and
mirror traffic to the data ports.
Deep Discovery Inspector does not have the
ability to block traffic. Deep Discovery Inspector can only inspect traffic.
Use the following screens to configure TLS traffic inspection.
-
To configure general TLS traffic inspection settings, go to Inspection Settings screen.For details, see Inspection Settings.
-
To configure certificates for TLS traffic inspection, go to the Certificate Management screen.
Note
You must configure a Trusted CA Certificate and Signing Certificate for TLS traffic inspection.For details, see Certificate Management. -
To configure the decryption policy for TLS traffic inspection, go to the Decryption Policy screen.For details, see Decryption Policy.
To view the amount of TLS traffic decrypted by Deep Discovery Inspector, see the "appliance
information at a glance" section or the Monitored Network Traffic in Past 30
Days widget. For details see, Monitored Network Traffic in Past 30
Days and Management Console.
|
NoteWhen TLS traffic inspection is enabled, scanned traffic in Deep Discovery Inspector refers to traffic
that flowed through the inline ports and was decrypted by Deep Discovery Inspector
|