(3) Description of FTD's overall policy structure

1. Policy structure diagram (English version)


2. Policy structure diagram (Chinese version)


3. Flow chart of SSL traffic decryption (English version)


4. Flow chart of SSL traffic decryption (Chinese version)


Introduction to Traffic Decryption Process Items

  1. Undecryptable traffic action:
    Traffic that the system cannot decrypt is either blocked without further inspection, or allowed through and then inspected by the access control policy.

  2. SSL rule 1: Monitor:
    Monitor tracks matching encrypted traffic.

  3. SSL rule 2: Do not decrypt:
    Traffic matching this rule is not decrypted; the system inspects it with the access control policy only, without file or intrusion inspection. Traffic that does not match continues to the next rule.

  4. SSL rule 3: Block:
    Matching traffic is blocked without further inspection; traffic that does not match continues to the next rule.

  5. SSL rule 4: Decrypt - Known Key:
    The traffic is decrypted with the private key you uploaded. The decrypted traffic is evaluated and inspected by the access control policy; it may be blocked, or re-encrypted and sent on to its destination. Traffic that does not match continues to the following rules.

  6. SSL rule 5: Decrypt - Resign:
    Resign is the last rule. It uses the CA certificate you uploaded to re-sign the server certificate, forming a man-in-the-middle mechanism that decrypts the traffic. The decrypted traffic is likewise evaluated by the access control policy and re-encrypted afterwards. Traffic that does not match continues to the following rules.

  7. SSL policy default action:
    The default rule handles all traffic that matches no rule: either block the encrypted traffic without further inspection, or pass it to the access control policy for inspection without decrypting it.
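The evaluation order described in the seven items above, as an added Python model (not code from the original post or from Cisco): rules are walked top-down, Monitor only logs and never stops evaluation, the first terminal match decides the action, and the undecryptable-traffic action and the default action cover the two edge cases. The rule names, match conditions and flow attributes are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, List, Tuple

# Constructed model of SSL policy evaluation; conditions are illustrative, not real FTD config.

@dataclass
class Flow:
    dst_port: int
    server_cn: str               # server certificate CN (constructed attribute)
    have_server_key: bool        # True if the server's private key was uploaded
    undecryptable: bool = False  # e.g. an unsupported cipher suite

@dataclass
class SslRule:
    name: str
    action: str   # monitor | do_not_decrypt | block | decrypt_known_key | decrypt_resign
    match: Callable[[Flow], bool]

@dataclass
class SslPolicy:
    rules: List[SslRule]
    default_action: str          # applied when no rule matches
    undecryptable_action: str    # applied before any rule for undecryptable traffic

def evaluate(policy: SslPolicy, flow: Flow) -> Tuple[str, List[str]]:
    """Return (action taken, names of Monitor rules that logged the flow)."""
    monitored: List[str] = []
    if flow.undecryptable:
        return policy.undecryptable_action, monitored
    for rule in policy.rules:      # top-down, first terminal match wins
        if not rule.match(flow):
            continue               # unmatched traffic falls through to the next rule
        if rule.action == "monitor":
            monitored.append(rule.name)
            continue               # Monitor logs but never ends evaluation
        return rule.action, monitored
    return policy.default_action, monitored

POLICY = SslPolicy(
    rules=[
        SslRule("Monitor", "monitor", lambda f: True),
        SslRule("Do not decrypt", "do_not_decrypt", lambda f: f.server_cn.endswith("bank.example")),
        SslRule("Block", "block", lambda f: f.dst_port == 8443),
        SslRule("Decrypt - Known Key", "decrypt_known_key", lambda f: f.have_server_key),
        SslRule("Decrypt - Resign", "decrypt_resign", lambda f: f.dst_port == 443),
    ],
    default_action="block",
    undecryptable_action="do_not_decrypt",
)
```

A flow to port 9443 that matches none of rules 2 to 5 reaches the default action, while an undecryptable flow is handled before any rule is consulted.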

5. Flow chart of access control policy enforcement (English version)


6. Flow chart of access control policy enforcement (Chinese version)


Introduction to Access Control Policy Enforcement Items

  1. Rule 1: Monitor:
    Tracks and monitors matching traffic without affecting it.

  2. Rule 2: Trust:
    Matching traffic is allowed to pass to its destination without further inspection, although it is still subject to identity requirements and rate limiting; traffic that does not match continues to the next rule.

  3. Rule 3: Block:
    Matching traffic is blocked without further inspection; traffic that does not match continues to the next rule.

  4. Rule 4: Allow:
    Matching traffic is allowed, but prohibited files, malware, intrusions, and exploits are blocked. You can configure file inspection only, intrusion inspection only, or neither.

  5. Default action: Intrusion Prevention:
    Performs intrusion prevention before allowing non-malicious traffic through; the default action can instead be set to trust or block all traffic.


Source: blog.csdn.net/qq_43440135/article/details/121715873