Securing Access To Chef Deployment Servers

Doug_Hogue — Fri, 07 Apr 2017 14:41:31 GMT

Currently we have a rule allowing the APP "ssl" from many different zones to our Chef Deployment Servers. I am trying to determine if there is a specific APPID for Chef but been unable to fine one. Since the server team says both port 80 and 443 are needed I am considering to setup the policy using APPIDs "ssl" and "web-browsing". Looking for ideas on how others are handling this. Thanks

Re: Securing Access To Chef Deployment Servers

bradk14 — Fri, 07 Apr 2017 15:05:00 GMT

I've had no personal experience (or knowledge) with Chef as of yet. But searching the Applipedia does seem to agree that there is no app for it.

So barring any responses of actual value, my suggestion would be to do exactly what you are doing and let the traffic flow, then review the logs and see what AppID is actually saying. Chances are if you aren't decrypting traffic, ssl will never app shift anyway.

You can then look into trying to create a custom App yourself, or at least open a case with PA and request one be added for Chef

topic Re: Securing Access To Chef Deployment Servers in General Topics

Securing Access To Chef Deployment Servers

Re: Securing Access To Chef Deployment Servers