USG60 - check SSL inspection ports

ACN

I'm trying to see which SSL ports our USG60 is checking. I've logged in with Putty and run the command show utm-manager ssl-inspection defaultport but it returns: 

% (after 'utm-manager'): Parse error

retval = -1

ERROR: Parse error/command not found!

Other commands I run such as show utm-manager content-filter defaultport return the results fine. 

Zyxel_Stanley

Hi @ACN

SSL inspection function is only support on USG110/210/310/1100/1900/2200.

USG20-VPN/40/60 series doesn’t support SSL inspection, so there is no this command.

ACN

Ah, thanks. My reason for asking is I'm trying to diagnose why our anti-virus does not seem to be working. It is letting me download the eicar.com test virus file instead of dealing with it. 

Zyxel_Stanley

Hi @ACN  

If SSL inspection is disabled, it can only scan the non-encrypt data.

You can make sure the download link is working on HTTP and without encrypted data.

For test eicar, you can put the test file on your FTP server or HTTP server to exclude encrypted part.

ACN

So the antivirus licenses we have purchased are useless without encrypted scanning, at least I know not to purchase them again. 

Zyxel_Stanley

Hi @ACN

The Anti-Virus function on USG60 can still work on HTTP, FTP, SMTP, POP3, file sharing..etc.

If you would like to scan encrypted traffic, then SSL inspection will be required.

The SSL inspection function is supported on USG110/210/310/1100/1900/2200.