How Can We Help?
You are here:
Print

SSL Inspection

Quick Overview

SSL Inspection allows zGuardian to decrypt and inspect encrypted (HTTPS) traffic for threats, malicious payloads, or access policy violations. Once traffic is inspected, it is re-encrypted and forwarded to its destination, maintaining user experience while improving threat detection.

How to Use This Feature in the UI

  1. Navigate to Security > SSL Inspection in the zGuardian interface.
  2. Use the toggle to Enable or Disable SSL Inspection.
  3. When enabling:
    • Ensure the zGuardian Root Certificate is installed on all client devices.
    • Optionally configure inspection policies or exceptions (e.g., financial sites).
  4. Click Apply Configuration.


Important Notes:

  • SSL Inspection is required for Antivirus, Virus Scan, and Custom URL Filtering to function on encrypted traffic.
  • If SSL Inspection is disabled, zGuardian cannot analyze HTTPS traffic for threats or policy enforcement.
  • Performance impact may vary depending on traffic volume and hardware resources.

Concepts & Use Cases

What It Does

Decrypts SSL/TLS traffic so zGuardian can inspect its contents (e.g., for viruses, malware, or unauthorized access), then re-encrypts it before sending it to the final destination.

Use Cases

  • Blocking malware hidden inside HTTPS traffic
  • Enforcing content policies on encrypted websites
  • Enabling antivirus and URL filtering for secure traffic
  • Detecting data exfiltration over encrypted channels

Caution: SSL Inspection may break functionality on some websites (e.g., banking, health portals) unless they are added to an exception list. It may also raise privacy concerns in environments with personal browsing.

Troubleshooting & FAQs

  • Q: Why aren’t antivirus or URL filtering features working?
    A: SSL Inspection must be enabled for these features to scan HTTPS traffic.
  • Q: Why are some websites failing to load or showing certificate warnings?
    A: The zGuardian certificate might not be installed on client devices, or the site may use HSTS and need to be added to the exception list.
  • Q: Will this affect performance?
    A: Yes. SSL decryption and re-encryption require CPU resources. Scale hardware accordingly.
Was this article helpful?
0 out Of 5 Stars
5 Stars 0%
4 Stars 0%
3 Stars 0%
2 Stars 0%
1 Stars 0%
5
How can we improve this article?
Please submit the reason for your vote so that we can improve the article.
Table of Contents
Top