detect type

Function

The detect type command configures the type of the SSL-encrypted traffic detection profile.

Format

detect type { inbound | outbound | no-decrypt }

Parameters

| Parameter | Description | Value |
|---|---|---|
| inbound | Indicates that the SSL-encrypted traffic detection profile is of the inbound type and is used in the server protection scenario. | - |
| outbound | Indicates that the SSL-encrypted traffic detection profile is of the outbound type and is used in the client protection scenario. | - |
| no-decrypt | Indicates that the SSL-encrypted traffic detection profile is of the no-decrypt type and is used in the SSL no-decrypt scenario. | - |

Views

SSL-encrypted traffic detection profile view

Default Level

2: Configuration level

Usage Guidelines

After the detection profile is referenced, the profile type cannot be modified.

Detection profiles of different types must be configured for different scenarios. The SSL-encrypted traffic check items of the FW vary with the detection profile type.

  • Inbound (server protection)
    The FW blocks or permits SSL-encrypted traffic based on the results of the following checks:
    • Unsupported versions
    • Unsupported algorithms
  • Outbound (client protection)
    The FW blocks or permits SSL-encrypted traffic based on the results of the following checks:
    • Untrusted certificates
    • Unsupported versions
    • Unsupported algorithms
    • Inconsistent SNI and SAN/CN
    • Client verification
  • No-decrypt (SSL no-decrypt)
    The FW blocks or permits SSL-encrypted traffic based on the results of the following checks:
    • Untrusted certificates
    • Inconsistent SNI and SAN/CN
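
The check items per profile type listed above, as an added Python illustration (not Huawei code, and not a description of how the FW implements the checks). The check lists come from the bullets above; the session fields, the function names and the matching rule (wildcard only as the whole left-most label, CN consulted only when the certificate has no SAN DNS names) are assumptions.

```python
# Added illustration. Check sets per profile type are copied from the usage guidelines.
CHECKS = {
    "inbound": {"unsupported_version", "unsupported_algorithm"},
    "outbound": {"untrusted_certificate", "unsupported_version", "unsupported_algorithm",
                 "sni_san_cn_mismatch", "client_verification"},
    "no-decrypt": {"untrusted_certificate", "sni_san_cn_mismatch"},
}

def name_matches(pattern, host):
    """Assumed rule: exact label match, or '*' as the entire left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*" and len(p) > 2:  # refuse '*.com'-style patterns
        return h[0] != "" and p[1:] == h[1:]
    return p == h

def sni_consistent(sni, san_dns, cn):
    """Compare the ClientHello SNI with the certificate names (SAN first, CN as fallback)."""
    names = san_dns if san_dns else ([cn] if cn else [])
    return any(name_matches(n, sni) for n in names)

def findings(profile_type, s):
    """Return the check items this session trips that the given profile type evaluates."""
    tripped = set()
    if not s["trusted"]:
        tripped.add("untrusted_certificate")
    if not s["version_ok"]:
        tripped.add("unsupported_version")
    if not s["cipher_ok"]:
        tripped.add("unsupported_algorithm")
    if not sni_consistent(s["sni"], s["san"], s["cn"]):
        tripped.add("sni_san_cn_mismatch")
    if s["client_auth"]:
        tripped.add("client_verification")
    return sorted(tripped & CHECKS[profile_type])

# Constructed sample session: SNI is not covered by the certificate, version unsupported.
SESSION = {"sni": "login.example.com", "san": ["www.example.com", "*.cdn.example.com"],
           "cn": "www.example.com", "trusted": True, "version_ok": False,
           "cipher_ok": True, "client_auth": False}

if __name__ == "__main__":
    for ptype in CHECKS:
        print(ptype, findings(ptype, SESSION))
```

The same session produces different findings under each profile type, which is why the type has to match the deployment scenario before the profile is referenced.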

Example

# Set the type of the SSL-encrypted traffic detection profile to inbound.

<sysname> system-view
[sysname] profile type decryption name profile1
[sysname-profile-decryption-profile1] detect type inbound
Copyright © Huawei Technologies Co., Ltd.