About TLS Server Identity Discovery
Typically, the TLS 1.3 certificates are encrypted. For traffic encrypted with TLS 1.3 to match access rules that use application or URL filtering, the system must decrypt the TLS 1.3 certificate. We recommend that you enable early application detection and URL categorization to ensure encrypted connections are matched to the right access control rule. This setting decrypts the certificate only; the connection remains encrypted.
Note | This feature is currently available for FDM-managed devices running on software version 6.7 or later. |
Procedure
Step 1 | In the navigation pane, click Inventory. |
Step 2 | Click the Devices tab to locate the device or the Templates tab to locate the model device. |
Step 3 | Click the FTD tab and whose access control whose policy you want to edit. |
Step 4 | In the Management pane at the right, select Policy. |
Step 5 | Click the settings button. |
Step 6 | Click the slider next to TLS Server Identity Discovery to enable early application detection and URL categorization for encrypted connections. |
Step 7 | Click Save. |