InformationConfigure SSL Forward Proxy for all traffic destined to the Internet. Include all categories except financial-services and health-and-medicine.
Without SSL inspection, the firewall cannot apply many of its protection features against encrypted traffic. The amount of encrypted malware traffic continues to rise, and legitimate websites using SSL encryption are hacked or tricked into delivering malware on a frequent basis. As encryption on the Internet continues to grow at a rapid rate, SSL inspection is no longer optional as a practical security measure. If proper decryption is not configured, it follows that the majority of traffic is not being fully inspected for malicious content or policy violations. This is a major exposure, allowing delivery of exploits and payloads direct to user desktops.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
SolutionNavigate to Policies > Decryption.
Set SSL Forward Proxy for all traffic destined to the Internet. Include all categories except financial-services and health-and-medicine.