Configuring an IDP SSL Inspection (CLI Procedure)

The SSL decoder is enabled by default. If you need to enable it manually, use the following CLI command:

set security idp sensor-configuration detector protocol-name SSL tunable-name sc_ssl_flags tunable-value 1

To configure IDP SSL inspection, use the following CLI procedure:

[edit security]
idp {
    sensor-configuration {
        ssl-inspection {
            sessions <number>;
        }
    }
}

The sensor now inspects traffic for which it has a key/server pair.

Note: Maximum supported sessions per SPU: default value is 10,000 and range is 1 to 100,000. The session limit is per SPU, and it is the same regardless of the number of SPUs on the device.
