SSL Inspection Guide

SSL INSPECTION GUIDE

SSL Inspection – Concept Overview

SSL Inspection is a security feature that allows the zWAN Standalone appliance to intercept, decrypt, and inspect HTTPS traffic in real time. By enabling SSL Inspection, the appliance connected with client uses a trusted certificate to decrypt SSL/TLS traffic, allowing internal modules such as antivirus scanning, URL filtering, and traffic logging to analyze the data. In the Advanced Settings, the Workers parameter is used to determine the number of processes running on behalf of the main Squid process—for example, setting Workers to 3 means Squid will create an additional 2 processes and distribute them across 3 CPU cores. This setting optimizes CPU utilization and enhances performance during SSL traffic inspection.

Core Concept

When SSL Inspection is enabled:

Enabling SSL Inspection in the zWAN Standalone system activates a proxy-based interception mechanism powered by Squid to handle encrypted HTTPS traffic. When enabled, export the certificate and push it to the client system that is connected to the host machine using a Microsoft tool; refer to the Certification_push document for detailed steps. This decrypted traffic is then inspected by integrated security features such as antivirus scanning and URL filtering, while logging captures relevant metadata for auditing. Once the inspection is complete, the traffic is securely re-encrypted and forwarded to its original destination, ensuring that users benefit from enhanced security without disruption.In the Advanced Settings, the Workers parameter defines the number of Squid processes used for SSL inspection. For example, setting Workers to 3 creates two additional processes distributed across 3 CPU cores. This setting helps optimize CPU utilization and improve performance under high traffic loads.

When SSL Inspection is disabled:

SSL Inspection being disabled means the appliance does not decrypt HTTPS traffic, allowing SSL sessions to remain fully end-to-end between the client and the destination server. Antivirus scanning on encrypted traffic is not performed, which means potential threats hidden within HTTPS content may go undetected. URL filtering is limited to domain-level checks based on DNS information, without visibility into full URL paths. The appliance forwards the traffic transparently, functioning as a basic proxy or router without modifying or inspecting the encrypted data. No certificate insertion or interception takes place on the client side, and Advanced Settings, including the Workers parameter, have no effect since no SSL inspection processing occurs