Haltdos User Guide
  • Introduction
  • Customer Portal
  • hdPlatform
    • Stacks
      • Stack Status
      • Events
      • Alarms
      • Analytics
      • Instance
        • Operational Settings
        • High Availiability
        • VRRP
        • Network Settings
          • Ethernet
          • Virtual LAN
          • Link Bonds
        • Routing
          • BGP
          • OSFP
          • RIP
        • Integration
          • SNMP
          • NTP
        • DHCP Settings
        • Virtual Machines
      • Integrations
        • Syslog
        • API Tokens
        • Webhooks
        • Threat Feeds
      • Resource Content
        • Cache Pools
        • Encryption Key
        • SSL Certificates
          • Lets Encrypt Certificates
        • Web pages
        • Client Certificates
        • Revocation List
        • Custom Scripts
      • Stack Settings
        • Backup Policy
        • AAA Policy
        • Reports
        • Scheduler
        • Dashboards
        • Config Synchronization
    • Status Page
    • Updates
    • E-Mail Integration (SMTP)
    • OS Templates
    • Virtualization
    • User Management
      • Access Control
      • Active Directory
      • Password Policy
      • Admin Users
    • User Profile
      • Change Password
      • Reset Password
    • Logs & Diagnostics
  • Deployment
    • Link Load Balancers (LLB)
      • Scenario 1
      • Scenario 2
      • Scenario 3
      • Scenario 4
    • Application Delivery Controller
      • Scenario 1
      • Scenario 2
      • Scenario 3
  • Solutions
    • Web Application Firewall (WAF)
      • Machine Learning
      • Listener
        • Settings
        • Profiles
          • Settings
          • Geo Filtering
          • Antivirus
          • Bot Protection
          • Policy
            • Web Policy
            • JSON Policy
            • XML Policy
          • Rules
            • Error Rules
            • Form Rules
            • Firewall Rules
            • Rate Limit Rules
            • Whitelist Rules
            • Response Rules
            • Behavior Rules
            • Tamper Rules
            • Correlation Rules
            • Deception Rules
            • Script Rules
            • Log Rules
          • Signatures
        • SSL Settings
        • Performance
          • Caching
          • Compression
          • RUM Metric
        • Server Groups
          • Servers
          • Load Balancing
        • Monitors
        • Rules
          • Error Rules
          • Header Rules
          • Redirection Rules
          • Variable Rules
          • Upstream Rules
        • Variables
        • Advanced Bot
        • Rule Staging
        • Virtual Patching
        • Learning
        • Auto-Profiling
      • User Groups
      • Incidents
      • Tools
        • Global Whitelist
        • FP Finder
        • Match Finder
    • Web Security Scanner
      • Scan Profiles
    • Anti-DDoS
      • Profile
        • General Settings
        • Detection
        • Connections
          • TCP Settings
          • TCP Shield
          • Aggressive Aging
        • Application
          • HTTP
          • DNS
          • Miscellaneous
        • Traffic shaping
        • Network Rules
        • Signature
      • Geo Inspection
      • Bot Protection
      • SSL Offloading
      • Cloud Signaling
      • Incidents
      • Advance Settings
        • Pattern Score
        • Top talkers
      • Cluster
    • Link Load Balancer (LLB)
      • LLB Settings
      • Interface Groups
      • Monitors
        • Monitor Scripts
      • Rules
        • Load Balancing
        • Source NAT
        • Destination NAT
        • Fixed Routing
        • Scenario 5
        • Policy Routing
        • Traffic Shaper / QoS
    • Application Delivery Controller (ADC/SLB)
      • Listeners
        • Listener Settings
        • SSL Settings
        • Geo Filtering
        • Server Groups
          • Servers
          • Load Balancing
          • SNMP
        • Monitors
        • Performance
        • Rules
          • Error Rules
          • Header Rules
          • Redirection Rule
          • Policy Rules
          • Upstream Rule
          • Rate Limit Rules
        • Action Scripts
      • Incidents
    • SSL VPN
      • Settings
        • General Settings
        • Networking
        • Security
      • VPN Users
      • VPN Group
    • Global Server Load Balancer (GSLB)
      • Listener
        • Operational
        • Geo Filtering
        • Zones
        • Monitors
        • Rules
      • Domain Filters
      • Sites
  • Knowledgebase
    • Platform
      • KB: 00003001
      • KB: 00003002
      • KB: 00003003
      • KB: 00003004
      • KB: 00003005
      • KB: 00003006
      • KB: 00003007
      • KB: 00003008
      • KB: 00003009
      • KB: 00003010
      • KB: 00003011
    • Web Application Firewall (WAF)
      • KB: 00001001
      • KB: 00001002
      • KB: 00001003
      • KB: 00001004
      • KB: 00001005
      • KB: 00001006
      • KB: 00001007
      • KB: 00001008
      • KB: 00001009
      • KB: 00001010
      • KB: 00001011
      • KB: 00001012
      • KB: 00001013
      • KB: 00001014
      • KB: 00001015
      • KB: 00001016
      • KB: 00001017
      • KB: 00001018
      • KB: 00001019
      • KB: 00001020
      • KB: 00001021
      • KB: 00001022
      • KB: 00001023
      • KB: 00001024
      • KB: 00001025
      • KB: 00001026
      • KB: 00001027
      • KB: 00001028
      • KB: 00001029
      • KB: 00001030
      • KB: 00001031
      • KB: 00001032
      • KB: 00001033
      • KB: 10001034
      • KB: 00001035
      • KB: 00001036
      • KB: 00001037
      • KB: 00001038
      • KB: 00001039
      • KB: 00001040
      • KB: 00001041
      • KB: 00001042
      • KB: 00001043
      • KB: 00001044
      • KB: 00001045
      • KB: 00001046
      • KB: 00001047
      • KB: 00001048
      • KB: 00001049
      • KB: 00001050
      • KB: 00001051
      • KB: 00001052
      • KB: 00001053
      • KB: 00001054
      • KB: 00001055
      • KB: 00001056
      • KB: 00001057
      • KB: 00001058
      • KB: 00001059
      • KB: 00001060
      • KB: 00001061
      • KB: 00001062
      • KB: 00001063
      • KB: 00001064
      • KB: 00001065
    • Application Delivery Controller
      • KB: 00002000
      • KB: 00002001
      • KB: 00002002
      • KB: 00002003
      • KB: 00002004
      • KB: 00002005
      • KB: 00002006
      • KB: 00002007
      • KB: 00002008
      • KB: 00002009
      • KB: 00002010
      • KB: 00002011
      • KB: 00002012
      • KB: 00002013
      • KB: 00002014
      • KB: 00002015
      • KB: 00002016
      • KB: 00002017
      • KB: 00002018
      • KB: 00002019
      • KB: 00002020
      • KB: 00002021
      • KB: 00002022
    • Global Server Load Balancing
      • KB: 00004001
      • KB: 00004002
      • KB: 00004003
      • KB: 00004004
      • KB: 00004005
      • KB: 00004006
      • KB: 00004007
      • KB: 00004008
      • KB: 00004009
  • Troubeshooting
    • Case: 00009001
    • Case: 00009002
    • Case: 00009003
    • Case: 00009004
    • Case: 00009005
    • Case: 00009006
    • Case: 00009007
  • Glossary
Powered by GitBook
On this page
  • Overview
  • How to Use:

Was this helpful?

  1. Solutions
  2. Web Application Firewall (WAF)
  3. Listener

SSL Settings

It provides functionality to support SSL offloading based on configurations

PreviousSignaturesNextPerformance

Last updated 3 years ago

Was this helpful?

Overview

As many applications are running over HTTPS, for the WAF / ADC solution to inspect user payload, it is necessary to decrypt SSL/TLS traffic. The following settings allow users to configure SSL offloading based and optional re-encryption in Haltdos solution. The performance of SSL offloading will vary based on chosen model.

How to Use:

1. Go to WAF > Listeners > SSL Settings

2. Configure your settings.

3. Click Save Changes.

Encrypt Traffic to Upstream

This specifies WAF should re-encrypt traffic before sending it to the back-end web application.

We can listen to non-HTTPS traffic and send it as HTTPS traffic to the back end server.

Enable SSL Offloading

This option specifies if the WAF should enable HTTPS traffic for the configured website.

SSL Certificate

This field allows us to Select or Upload an SSL Certificate for SSL Offloading in case of encrypted traffic. Users can select the SSL certificate from the drop-down or add a new certificate by clicking the ADD button which will redirect to the SSL Certificates page.

SSL Ciphers

It is a set of algorithms or a set of instructions/steps that helps to establish a secure connection between two entities — usually the client (a user's browser) and the web-server they're connecting to (your website). Users can select respective ciphers from the drop-down.

SSL Cipher Suites

In order to secure or make SSL compatible with specific web browsers. Users can select from the drop-down i.e. Modern(Very Secure), Intermediate (Recommended), Old(Backward Compatibility), Custom, etc.

SSL Session Caching

This optionm allows users to specify the number of SSL session cache for HTTPS requests on the listener.

SSL Session Timeout

This option allows users to specify the SSL session timeout in minutes for every HTTPS request on the listener.

Client Certificate Verification

This option specifies if the solution should enable client certificate authentication.

Client Certificate

Thids option specifies an SSL certificate for Client Authentication.

Client Certificate Fingerprint Header

This option specifies header name for forwarding SSL certificate fingerprint to be upstream

Client Certificate Issuer Header

This option specifies header name for forwarding SSL Certificate Issuer to be upstream

Client Certificate Subject Header

It specifies header name for forwarding SSL certificate Subject to be upstream

Client Certificate Serial Header

This option specifies header name for forwarding SSL certificate Serial to be upstream

Client Certificate Verify Header

This option specifies header name for forwarding SSL certificate verified to be upstream

Client Certificate Start Date Header

This option specifies header name for forwarding SSL certificate start date to be upstream

Client Certificate End Date Header

This option allows user to add header name for forwarding SSL certificate end date to be upstream.

Invalid Client Certificate Action

This option allows user to specifies the action to be performed when client certificate verification fails.

SSL Settings
SSL Settings