Athena NGFW (Next-Generation Firewall)

Athena NGFW (previously known as Network Secure) provides comprehensive protection for every network perimeter, ensuring the safety of your valuable assets, data, and users from emerging threats.
{{ $t('productDocDetail.guideClickSwitch') }}
{{ $t('productDocDetail.know') }}
{{ $t('productDocDetail.dontRemind') }}
8.0.95
Athena NGFW (Next-Generation Firewall) {{ breadTitle }} User Manual Policies Decryption Decrypt Data to Internal Server Configuration Steps
{{sendMatomoQuery("Athena NGFW (Next-Generation Firewall)","Configuration Steps")}}

Configuration Steps

{{ $t('productDocDetail.updateTime') }}: 2025-12-25

A web application server is deployed on the intranet of an enterprise to provide internal and external services. The web application server is transmitted via HTTPS protocols. To prevent the web server from being attacked, HTTPS traffic must be detected to ensure the security of the server.

A blue rectangular object with arrows pointing to the side Description automatically generated

Step 1.Import the HTTPS server certificate. Click Server Certificate. Then, the Add Server Certificate dialog box appears. Click Add to create a server certificate, as shown in the following figure.

A screenshot of a computer Description automatically generated

Form of certificate

Note

Import Certificate

Import a certificate file suffixed with .pfx or .p12. The file contains the public key, private key, and password. Enter the password to decrypt the file.

Specify Self-Signed

Indicate the custom certificate. You need to manually specify the Name, Country, Issued To, Key Type, Key Size, and Validity Period parameters. The rest parameters are optional. A self-signed certificate can be generated after the preceding parameters are set.

Import Public/Private

Import a public or private key certificate. The public key certificate supports a file suffixed with .PEM or .DER, and the private key certificate supports a file suffixed with .PEM, .DER, or .PVK. Click OK after the certificate is imported.

Table 16:Description of Form of Certificate

Step 2.Click Add to create a decryption policy and enter the corresponding information, as shown in the following figure.

A screenshot of a computer Description automatically generated

Name: Enter a policy name easy to identify.

Src Zones: Select the source zone for accessing the server.

Source: Enter the network objects that will access the server.

Decryption Type: If you select Decrypt data to internal server, the encryption server is deployed in the LAN zone of Network Secure. The Decrypt data to internet option applies to the decryption of emails and HTTPS data when LAN users access the Internet.

Destination Servers: Add the IP address and port of the server to be decrypted. Web server, Mail server, FTP server, and Other servers are available.

Server Certificate: Select the certificate of the encryption server. You need to import the server certificate on the Add Server Certificate page.

Step 3.Click OK to save the settings. Then, the policy is added.