Configuring a Default SSL Proxy Profile
You can configure a default profile for an SSL proxy to manage conflicts when a security policy lookup returns a list of policies before the final application is identified. The initial policy lookup phase occurs prior to identifying a dynamic application. If there are multiple policies present in the potential policy list that contain different SSL proxy profiles, then the SRX Series device applies the default profile until a suitable match is established. You can configure a default SSL proxy profile for both SSL forward and reverse proxy.
The sessions are dropped in case of policy conflicts, if the default SSL proxy profile is not available.
Creating a default SSL Proxy Profile
To create a default SSL proxy profile:
Fields |
Description |
---|---|
Default SSL |
|
Profile |
Select a reverse proxy profile or a forward proxy profile as the default SSL proxy profile. |
Description |
Enter a description for the default SSL proxy profile. |
Device Selection |
|
Device Selection |
Select the devices on which the default SSL proxy profile is applied. |
Editing a Default SSL Proxy Profile
To edit a default SSL Proxy profile:
Updating a Default SSL Profile on a Device
To update a default SSL proxy on a device:
Before updating default SSL proxy, atleast one firewall rule must be configured with SSL proxy and deployed on the device. Only then you can update a default SSL profile successfully.
Deleting a Default SSL Proxy Profile
To delete a default SSL proxy profile:
When a device is imported with the default SSL proxy configuration, the default SSL proxy configured is listed in the Global options page.