Scribd
Upload
827 views2 pages

SSL Inspection On TippingPoint IPS - TPS - SMS

This document provides instructions for configuring SSL inspection on TippingPoint IPS/TPS/SMS devices in 3 steps: 1. Import certificates and configure SSL trust stores, proxies, and inspection policies for both client and server SSL inspection. 2. Create SSL inspection policies and select the appropriate server and trust store settings. 3. Enable either client or server SSL inspection on individual devices by editing their configuration and selecting SSL Inspection. Distributing the profiles allows SSL inspection to begin immediately.

Uploaded by

Priyesh MP
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
827 views2 pages

SSL Inspection On TippingPoint IPS - TPS - SMS

This document provides instructions for configuring SSL inspection on TippingPoint IPS/TPS/SMS devices in 3 steps: 1. Import certificates and configure SSL trust stores, proxies, and inspection policies for both client and server SSL inspection. 2. Create SSL inspection policies and select the appropriate server and trust store settings. 3. Enable either client or server SSL inspection on individual devices by editing their configuration and selecting SSL Inspection. Distributing the profiles allows SSL inspection to begin immediately.

Uploaded by

Priyesh MP
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 2

Update to the latest ThreatDV

Profiles > Auxilary DVs > Check wthether the Automatic Download and Automatic
Activation enabled > Select the DV > Click on Distribute > Select all Devices > OK

SSL Inspection on TippingPoint IPS/TPS/SMS:

1. Client SSL Inspection:-

a. Import Certificate:

Admin > Certifcate Management > Certificates > Import > Enter Name > Browse
certifcate and Key > OK

b. Import CA Certificate:

Admin > Certificate Management > CA Certificates > Enter Name > browse Certificate
> OK > Click on Refresh Status

c. Configure SSL Trust Store:

Profiles > Profiles > Expand Shared Settings > Expand SSL > Expand Client > Proxy
Trusted Store > New > Enter Name (say Proxy Trusted Store) > Click Add > Select the
Certificate that we have Imported > Add > OK

d. Add an SSL Client Proxy:

Profiles > Profiles > Expand Shared Settings > Expand SSL > Expand Client > Proxies
> New > Enter a Name (say TestProxy) > Select the Signing Certificate > Decryption
Service (HTTP) > Enable Logging > OK

e. Create SSL Inspection Policies:

Profiles > Profiles > Inspection Profiles > Expand the required Profile > SSL
Inspection Policies > Under Client Policies, click New > Enter a Name > Under
Settings, select the Client Proxy, Decryption Policy and Trust Store that we have
created > OK > Now you can distribute this policy, then the client SSL decryption
will start occuring

2. Server SSL Inspection:-

a. Import Certificate:

Admin > Certifcate Management > Certificates > Import > Enter Name > Browse
certifcate and Key > OK

b. Add an SSL Server Proxy:

Profiles > Profiles > Expand Shared Settings > Expand SSL > Server Proxies > New >
Under SSL Server Proxy Config, Enter a Name (say TestProxy) > Under Destinations,
add the Server IP address that you want TPS to decrypt traffic > OK > Under
Destination Ports, add the Port (by default 443 will be there, if your Server
accepts traffic on 443 only, then no need to add any port again) > OK > Under
Options, Enable Logging > Now click on the Certificates tab > Select the
Certificate which we have imported > OK

c. Create SSL Inspection Policies:

Profiles > Profiles > Inspection Profiles > Expand the required Profile in which
you want to enable SSL Inspection > SSL Inspection Policies > Under Server
Policies, click New > Enter a Name > Under Settings, select the Server > OK > Now
distribute the changes to your device by clicking Distribute > Under Targets,
select Allow Segment Selection > Organized by: Device > Expand All Devices > Select
the Segment > OK

3. Enable SSL Inspection:-

Devices > Expand All Devices > Expand the required Device > Click on Device
Configuration > Click on Edit > Click on SSL Inspection > Select either Server SSL
Inspection or Client SSL Inspection > OK

Since we already distributed the Profiles, SSL Inspection will happen immediately.

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy