To simplify the configuration of the first TLS Inspection policy, you can use the TLS Inspection wizard or manually create your policy using the UI. This topic does not describe the wizard configuration, only the manual configuration steps.
The wizard provides a walk-through of the TLS Inspection configuration workflow for your tier-1 gateway firewalls. The wizard displays on the TLS Inspection home page only for the first policy, but you can access the wizard in the All Shared Rules and Gateway Specific Rules tabs. You can skip the configuration wizard and complete the policy creation and the decryption action profile setup manually by clicking Skip on the opening page.
Prerequisites
These prerequisites are valid for TLS Inspection in policies.
- Activating TLS Inspection settings per gateway.
Navigate to Settings tab. Select a gateway or gateways from the list of TLS-enabled gateways and click Turn On.
and select the - Activating URL Database on the Edge cluster.
Navigate to
. Edge nodes must have Internet connectivity so the NSX Threat Intelligence Cloud Service (NTICS) can complete URL database downloads. - To view TLS Inspection statistics using the Security dashboard, deploy NSX Application Platform on your NSX 3.2 or later environment and ensure it is in a good state. A specific license is required for time-series monitoring. For details, see the Deploying and Managing NSX Application Platform guide and Monitoring Security Statistics.