TLS Inspection is used to detect and prevent advanced threats over encrypted TLS channels. TLS Inspection transparently decrypts encrypted traffic and makes it available for advanced security features such as IDS/IPS, Malware Prevention, and URL Filtering. This provides visibility into the encrypted traffic without offloading and while retaining end-to-end encryption.
Without TLS Inspection, even if you enable all the advanced security features for the gateway firewall, you cannot enforce them on, or have visibility into, encrypted traffic that may have malware hidden inside the packets. TLS decryption gives administrators more effective access control, threat detection, and threat prevention for encrypted traffic.
Note: Starting in NSX-T Data Center 3.2.1, TLS Inspection is available for production environments and has full support. In NSX-T Data Center 3.2.0 this feature was available in tech preview mode only. For more information, see the NSX-T Data Center Release Notes.