A TLS Inspection policy applies to the selected tier-1 gateway firewall or firewalls. The first time you add a TLS Inspection policy, you can use the wizard, or you can manually configure the policy and associated rules. This topic describes the concepts and creation of TLS Inspection policies.

TLS Inspection Policy Categories

NSX TLS inspection provides the following three categories for easy policy management. As with gateway firewall categories, you can use any of the categories to define TLS inspection policies, based on your requirements.

  • Pre-Rules - Defines the policy for multiple gateways.

  • Local Gateway - Defines specific policies.

  • Default (post-rules) - This TLS Default category differs from the gateway policy rules because it does not contain any out-of-the-box rule or default policy. It also lets you define post rules in the Default category, which is not available in the gateway firewall table. For example, you might use it to add some common policies to multiple gateways after the local gateway configuration.