Rule for external SSL certificate check

Hi, we have a network with restricted internet access. We also have software on these machines that needs to check SSL certificates from time to time. I cannot just open port 443 to external, so I wonder if there is any simple solution to that.
Many thanks

Comments

  • Is there a specific destination IP addr or FQDN that needs to be accessed by these devices for the cert check?
    If so, then you can add an HTTPS packet filter From: the subnet or device IP addrs To: the specific destination IP addr or FQDN

  • I found out that the correct way is to create an HTTPS-proxy rule and allow only the SSL/TLS check while denying all other requests.