Summary:

  1. Create a self-signed certificate

  2. Tell the client browser that the certificate is trusted

  3. Configure a decryption policy

Details:

1. Create a self-signed certificate

2. Tell the client browser that the certificate is trusted

  • Log in to the firewall's web UI at https://10.1.1.30 from the inside user Tiger (172.16.2.2). Here, you will need to create a new security policy (a NAT policy should already be there to translate 172.16.2.2 to the firewall's outside interface using PAT).

  • Now, logged in to the firewall's web UI from Tiger's machine, download the SSL certificate.

  • Upload the certificate into Tiger's browser.

3. Configure a decryption policy 

Note: we use the URL category to classify which type of traffic should be decrypted as it leaves the firewall. In our case, Facebook belongs to the social-network category.

  • To verify the browser uses the certificate
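
The same check can be made outside the browser. The script below is an added example, not part of the original notes: it tests whether the certificate a site presents to the client chains to the firewall certificate downloaded in step 2. It assumes the OpenSSL command-line tool is available on the client; the file name fw-cert.pem and the function names are hypothetical, and the sample certificates are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): check that a site's certificate
# was re-signed by the firewall certificate the browser was told to trust.

# Save the leaf certificate served for host $1 into file $2.
# Needs network access; run it from the inside client.
fetch_leaf() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM -out "$2"
}

# Exit 0 only if leaf $1 chains to firewall certificate $2. -no-CApath keeps
# the system trust store out, so a genuine, undecrypted certificate fails.
signed_by_firewall_ca() {
    openssl verify -no-CApath -CAfile "$2" "$1" >/dev/null 2>&1
}

# Constructed sample input for an offline run, written into directory $1:
#   fw-ca.pem  stands in for the firewall's self-signed certificate
#   leaf.pem   a site certificate signed by it (decryption in effect)
#   other.pem  a certificate the firewall did not sign (no decryption)
make_constructed_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Firewall CA" \
        -keyout "$d/fw-ca.key" -out "$d/fw-ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/fw-ca.pem" \
        -CAkey "$d/fw-ca.key" -CAcreateserial -days 1 \
        -out "$d/leaf.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=www.example.test" \
        -keyout "$d/other.key" -out "$d/other.pem" 2>/dev/null
}

# On the client (fw-cert.pem is an assumed name for the file from step 2):
#   fetch_leaf www.facebook.com leaf.pem
#   signed_by_firewall_ca leaf.pem fw-cert.pem && echo "decrypted by firewall"
```

A site outside the decrypted URL category should fail the same check, because its certificate still comes from its public issuer.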