USG60 - check SSL inspection ports

ACN
ACN Posts: 3
edited April 2021 in Security
I'm trying to see which SSL ports our USG60 is checking. I've logged in with PuTTY and run the command show utm-manager ssl-inspection defaultport but it returns:
% (after 'utm-manager'): Parse error
retval = -1
ERROR: Parse error/command not found!

Other commands I run such as show utm-manager content-filter defaultport return the results fine. 

All Replies

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,361  Zyxel Employee

    Hi @ACN

    The SSL inspection function is only supported on USG110/210/310/1100/1900/2200.

    The USG20-VPN/40/60 series doesn’t support SSL inspection, so this command does not exist.

  • ACN
    ACN Posts: 3
    Ah, thanks. My reason for asking is I'm trying to diagnose why our anti-virus does not seem to be working. It is letting me download the eicar.com test virus file instead of dealing with it. 
  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,361  Zyxel Employee

    Hi @ACN  

    If SSL inspection is disabled, it can only scan non-encrypted data.

    You can make sure the download link is working over HTTP and without encrypted data.

    To test with EICAR, you can put the test file on your FTP server or HTTP server to exclude the encrypted part.

  • ACN
    ACN Posts: 3
    So the antivirus licenses we have purchased are useless without encrypted scanning; at least I know not to purchase them again.
  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,361  Zyxel Employee

    Hi @ACN

    The Anti-Virus function on USG60 can still work on HTTP, FTP, SMTP, POP3, file sharing, etc.

    If you would like to scan encrypted traffic, then SSL inspection will be required.

    The SSL inspection function is supported on USG110/210/310/1100/1900/2200.
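
The plain-HTTP test suggested in the thread, as an added example that is not part of the original posts or Zyxel's tooling: it follows redirects by hand and reports whether a test download stayed on unencrypted HTTP (where the gateway's anti-virus can see it) or moved to HTTPS (where it cannot without SSL inspection). The function names and verdict strings are assumptions made for this illustration; the hash is the SHA-256 of the standard 68-byte EICAR test file.

```python
import hashlib
import http.client
import sys
import urllib.parse

# SHA-256 of the standard 68-byte EICAR test file.
EICAR_SHA256 = "275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f"

def http_get(url, timeout=10):
    """One plain-HTTP GET without redirect following: (status, Location, body)."""
    parts = urllib.parse.urlsplit(url)
    conn = http.client.HTTPConnection(parts.hostname, parts.port or 80, timeout=timeout)
    try:
        conn.request("GET", (parts.path or "/") + ("?" + parts.query if parts.query else ""))
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location"), resp.read()
    finally:
        conn.close()

def check_download(url, expected_sha256=EICAR_SHA256, fetch=http_get, max_hops=5):
    """Return (verdict, final_url) for a test download made through the gateway."""
    for _ in range(max_hops):
        if urllib.parse.urlsplit(url).scheme != "http":
            # TLS hop: without SSL inspection the gateway cannot scan this transfer.
            return "encrypted", url
        try:
            status, location, body = fetch(url)
        except (OSError, http.client.HTTPException):
            return "blocked", url        # connection reset or timed out
        if status in (301, 302, 303, 307, 308) and location:
            url = urllib.parse.urljoin(url, location)
            continue
        if hashlib.sha256(body).hexdigest() == expected_sha256:
            return "delivered", url      # file arrived intact over plain HTTP
        return "altered", url            # body differs: block page or modified file
    return "redirect_loop", url

if __name__ == "__main__":
    # Usage: python check_download.py http://your-server/eicar.com
    print(check_download(sys.argv[1]))
```

A verdict of "encrypted" means the test says nothing about the anti-virus engine; only "delivered" shows the file passed the gateway unscanned or undetected over plain HTTP.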
