SSL Decryption firewall vs web proxy?

sworton — Thu, 20 Mar 2014 18:35:32 GMT

Hi,

I see the Palo Alto firewalls can do SSL decryption inbound and outbound in order to inspect the contents for threats is there an advantage to doing this on the palo firewall as opposed to the ironport web proxy?

It looks to me like a good idea to do outbound SSL on the proxy as that would see the traffic first but inbound ssl to our servers on the firewall?

Thanks for any opinions,

Steve.

Re: SSL Decryption firewall vs web proxy?

Phoenix — Thu, 20 Mar 2014 19:11:40 GMT

Hello sworton,

The discussion here falls to 2 points

1> Where to do the proxy task

2> Which direction are we addressing ie client to server(c2s) or server to client (s2c)

If we do the outbound traffic decryption on proxy and not on the firewall then all the traffic originating from inside network going to outside network is not decrypted to see underlying threat or identify the apps. So there is no visibility on the firewall.

If the traffic originates from outside then that holds good for the inbound decryption on the PAN which takes care as said above and you are fine for this direction.

So it all depends where the traffic originates from the firewall point that is inside network or outside and should we decrypt that traffic. If it is to be seen on both directions then both inbound and outbound decryption should be done.

Thanks

topic SSL Decryption firewall vs web proxy? in General Topics

SSL Decryption firewall vs web proxy?

Re: SSL Decryption firewall vs web proxy?