Procedure

These settings apply to the access policy as a whole, rather than to specific rules within the policy.

Step 1

In the left pane, click Security Devices.

Step 2

Click the Devices tab to locate the device or the Templates tab to locate the model device.

Step 3

Click the FTD tab and select the device whose access control policy you want to edit.

Step 4

In the Management pane at the right, select Policy.

Step 5

Click the Settings icon and configure these settings:

  • TLS Server Identity Discovery - TLS 1.3 certificates are encrypted. For traffic encrypted with TLS 1.3 to match access rules that use application or URL filtering, the system must decrypt the TLS 1.3 certificate. We recommend that you enable this option to ensure encrypted connections are matched to the right access control rule. The setting decrypts the certificate only; the connection remains encrypted. Enabling this option is sufficient to decrypt TLS 1.3 certificates; you do not need to create a corresponding SSL decryption rule. Available for FDM-managed devices running software version 6.7 or later.

  • Reputation Enforcement on DNS Traffic - Enable this option to apply your URL filtering category and reputation rules to DNS lookup requests. If the fully-qualified domain name (FQDN) in the lookup request has a category and reputation that you are blocking, the system blocks the DNS reply. Because the user does not receive a DNS resolution, the user cannot complete the connection. Use this option to apply URL category and reputation filtering to non-web traffic. For more information, see DNS Request Filtering. Available for FDM-managed devices running software version 7.0 and later.

Step 6

Click Save.