NextGen Web Filtering (NGWF) requires SSL proxy functionality to inspect HTTPS traffic. To enable NGWF:
Option B:You can generate aself-signed certificatefor SSL proxy functionality (or import a CA-signed certificate, but the course emphasizes self-signed for lab/demo purposes).
Option D:You must configure anSSL proxy profileso that HTTPS traffic can be decrypted and inspected.
Option A:A CA-signed certificate may be used in production but is not strictly required to enable NGWF.
Option C:SSL initiation profiles are used for outbound SSL inspection initiated by the SRX, not for NGWF traffic interception.
Correct Actions:Generate a self-signed certificate, Configure an SSL proxy profile
[Reference:Juniper Networks –NextGen Web Filtering Configuration with SSL Proxy, Junos OS Security Fundamentals., ]
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit