Changes to default SSL inspection configuration (380736)
SSL inspection is mandatory in the CLI and GUI and is enabled by default.
GUI Changes
- Updated edit dialogues for IPv4/IPv6 Policy and Explicit Proxy Policy l SSL/SSH inspection data displayed in muted palette l disabled the toggle button for this option l set the default profile as “certificate-inspection”
- Updated list pages for IPv4/IPv6 Policy and Explicit Proxy Policy l Add validation for “ssl-ssh-profile” when configuring UTM profiles
- Updated SSL/SSH Inspection list page l disabled delete menu on GUI for default ssl profiles l changed “Edit” menu to “View” menu for default ssl profiles l added implicit class (grayed) the default ssl profile entries
- Updated SSL/SSH Inspection edit dialog l disabled all the inputs for default ssl profiles except download/view trusted certificate links l changed button to “Return” for default ssl profiles to return the list page
- Updated Profile Group edit dialog l removed checkbox for “ssl-ssh-profile” option, make it always required.
CLI changes
- ssl-ssh-profile default value is certificate-inspection when applicable in table firewall.profile-group, firewall.policy, firewall.policy6, explicit-proxy-policy
- make default profiles “certificate-inspection”, “deep-ssl-inspection’ read only in table firewall.ssl-ssh-profile