These settings apply to the access policy as a whole, rather than to specific rules
within the policy.
Procedure
Step 1 | In the left pane, click . |
Step 2 | Click the Devices tab to locate the device or the Templates tab to locate the model device. |
Step 3 | Click the FTD tab and whose access control whose policy you want to edit. |
Step 4 | In the Management pane at the right, select
Policy. |
Step 5 | Click the Settings icon and configure these
settings:
-
TLS Server Identity Discovery - TLS 1.3
certificates are encrypted. For traffic encrypted with TLS 1.3 to
match access rules that use application or URL filtering, the system
must decrypt the TLS 1.3 certificate. We recommend that you enable
this option to ensure encrypted connections are matched to the right
access control rule. The setting decrypts the certificate only; the
connection remains encrypted. Enabling this option is sufficient to
decrypt TLS 1.3 certificates; you do not need to create a
corresponding SSL decryption rule. Available for FDM-managed devices running
software version 6.7 or later.
-
Reputation Enforcement on DNS Traffic - Enable
this option to apply your URL filtering category and reputation
rules to DNS lookup requests. If the fully-qualified domain name
(FQDN) in the lookup request has a category and reputation that you
are blocking, the system blocks the DNS reply. Because the user does
not receive a DNS resolution, the user cannot complete the
connection. Use this option to apply URL category and reputation
filtering to non-web traffic. For more information, see DNS Request
Filtering. Available for FDM-managed devices running software version 7.0
and later.
|
Step 6 | Click Save. |