This page describes how to manage Transport Layer Security (TLS) inspection for Cloud Next Generation Firewall. You can view, list, update, and delete TLS inspection policies in your project. For information on TLS inspection, see TLS inspection overview.
View details for a TLS inspection policy
You can view information about the TLS inspection policy that you created in your project.
Console
In the Google Cloud console, go to the TLS inspection policies page.
In the project selector menu, select your project.
The TLS inspection policies are listed in the TLS inspections section.
To view the details, click the name of your TLS inspection policy.
List all TLS inspection policies
You can list all the TLS inspection policies in a project.
Console
In the Google Cloud console, go to the TLS inspection policies page.
In the project selector menu, select your project.
The TLS inspection policies are listed in the TLS inspections section.
gcloud
To list all TLS inspection policies, use the gcloud network-security tls-inspection-policies list command:
gcloud network-security tls-inspection-policies list \
    --project PROJECT_ID \
    --location REGION
Replace the following:
- PROJECT_ID: the project ID for the TLS inspection policy
- REGION: the name of the region for which you want to list the TLS inspection policy
Edit a TLS inspection policy
You can modify an existing TLS inspection policy in your project.
Console
In the Google Cloud console, go to the TLS inspection policies page.
In the project selector menu, select your project.
The TLS inspection policies are listed in the TLS inspections section.
To edit a policy, click the name of your TLS inspection policy.
Click Edit.
Modify the required fields. For more information about each field, see Create a TLS inspection policy.
Click Save.
Delete a TLS inspection policy
You can delete a TLS inspection policy from your project. However, if the TLS inspection policy is referenced by a firewall endpoint association, that TLS inspection policy cannot be deleted.
Console
In the Google Cloud console, go to the TLS inspection policies page.
In the project selector menu, select your project.
The TLS inspection policies are listed in the TLS inspections section.
To delete a TLS inspection policy, select the checkbox next to its name.
Click Delete.
Click Delete again.
gcloud
To delete a TLS inspection policy, use the gcloud network-security tls-inspection-policies delete command:
gcloud network-security tls-inspection-policies delete \
    projects/PROJECT_ID/locations/REGION/tlsInspectionPolicies/TLS_INSPECTION_NAME \
    --location REGION
Replace the following:
- PROJECT_ID: the project ID of the TLS inspection policy
- TLS_INSPECTION_NAME: the name of the TLS inspection
- REGION: the region where the TLS inspection policy is created
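Because a policy that a firewall endpoint association still references cannot be deleted, it helps to find those associations before running the delete command. The following is an added example, not part of the original page or Google's tooling. It assumes the association list has been exported as JSON (for example with gcloud network-security firewall-endpoint-associations list --format=json) and that each entry carries a name and, when TLS inspection is enabled, a tlsInspectionPolicy field; the sample data and all resource names are constructed.

```python
import json

# Constructed sample in the shape assumed for the JSON output of
#   gcloud network-security firewall-endpoint-associations list --format=json
# Every project, zone and policy name below is a placeholder.
SAMPLE_ASSOCIATIONS = json.loads("""
[
  {"name": "projects/example-project/locations/us-central1-a/firewallEndpointAssociations/assoc-prod",
   "tlsInspectionPolicy": "projects/example-project/locations/us-central1/tlsInspectionPolicies/corp-tls"},
  {"name": "projects/example-project/locations/us-central1-b/firewallEndpointAssociations/assoc-dev"},
  {"name": "projects/example-project/locations/europe-west1-b/firewallEndpointAssociations/assoc-eu",
   "tlsInspectionPolicy": "projects/example-project/locations/europe-west1/tlsInspectionPolicies/corp-tls"}
]
""")


def policy_resource_name(project_id, region, policy_name):
    """Full resource name, in the form the delete command on this page takes."""
    return (f"projects/{project_id}/locations/{region}"
            f"/tlsInspectionPolicies/{policy_name}")


def referencing_associations(associations, project_id, region, policy_name):
    """Names of associations whose tlsInspectionPolicy is exactly this policy."""
    target = policy_resource_name(project_id, region, policy_name)
    # Associations without TLS inspection have no tlsInspectionPolicy key;
    # a policy with the same short name in another region must not match.
    return [a["name"] for a in associations
            if a.get("tlsInspectionPolicy") == target]


def deletion_plan(associations, project_id, region, policy_name):
    """Return (blockers, argv); argv is None while any association blocks."""
    blockers = referencing_associations(
        associations, project_id, region, policy_name)
    if blockers:
        return blockers, None
    return [], ["gcloud", "network-security", "tls-inspection-policies",
                "delete", policy_resource_name(project_id, region, policy_name),
                "--location", region]


if __name__ == "__main__":
    for region in ("us-central1", "europe-west1", "asia-east1"):
        blockers, argv = deletion_plan(
            SAMPLE_ASSOCIATIONS, "example-project", region, "corp-tls")
        print(region, "blocked by:" if blockers else "ok:",
              blockers or " ".join(argv))
```

Any association the check reports must stop referencing the policy before the delete command can succeed.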
What's next?
- Set up TLS inspection
- Configure intrusion detection and prevention service
- Create and manage firewall endpoints