https://live.paloaltonetworks.com/t5/general-topics/support-for-inspecting-ssl-message-for-kafka-connect/m-p/222975#M64100 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/93695">@joshualouis911</a>,</P><P>if you decrypt the traffic then yes; but the firewall doesn't really care about the message itself and to the best of my knowledge doesn't have a great way of displaying/logging the actual message content.&nbsp;</P> Thu, 19 Jul 2018 17:18:03 GMT BPry 2018-07-19T17:18:03Z https://live.paloaltonetworks.com/t5/general-topics/support-for-inspecting-ssl-message-for-kafka-connect/m-p/222861#M64075 <P>We are using Kafka for messaging and have a requirement to inspect the SSL message sent to kafka broker from kafka connect. Kafka using binary tcp protocol with kafka broker listeners on PLAINTEXT://9093&nbsp;<U> </U>(without SSL)</P><P>&nbsp;</P><P><FONT face="arial,helvetica,sans-serif">Can paloalto decrypt and inspect the kafka message content?</FONT></P><P>&nbsp;</P> Wed, 18 Jul 2018 20:17:13 GMT https://live.paloaltonetworks.com/t5/general-topics/support-for-inspecting-ssl-message-for-kafka-connect/m-p/222861#M64075 joshualouis911 2018-07-18T20:17:13Z https://live.paloaltonetworks.com/t5/general-topics/support-for-inspecting-ssl-message-for-kafka-connect/m-p/222877#M64076 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/93695">@joshualouis911</a>,</P><P>Kafka as in Apache Kafka? That would depend highly on how you've configured it. By default Kafka doesn't even use encryption so you won't even need to worry about decrypting SSL traffic.&nbsp;</P><P>If the data itself isn't being encrypted outside of encrypted transport, then you should be able to view the data as soon as you decrypt the transport on the firewall.&nbsp;Honestly though I have no idea how you would accomplish this on the firewall itself in any sort of useful format, as it isn't really designed to read the packet information and then output that for you. At beast you identify the Kafka traffic you are interested in and have it perform a packet capture on the traffic so that you could manually go back and read this information if required.&nbsp;</P><P>&nbsp;</P><P>Out of curosity why would you worry about this on the firewall? The message would be plaintext on the broker (depending on how you configured it); and I assume if you are using kafka then this is internal and your organization should have access to the broker to do anything they wish with the information.&nbsp;</P> Thu, 19 Jul 2018 01:20:58 GMT https://live.paloaltonetworks.com/t5/general-topics/support-for-inspecting-ssl-message-for-kafka-connect/m-p/222877#M64076 BPry 2018-07-19T01:20:58Z https://live.paloaltonetworks.com/t5/general-topics/support-for-inspecting-ssl-message-for-kafka-connect/m-p/222895#M64081 <P>Yes Apache Kafka, Kafka is used&nbsp;here to source data from a secured data center to cloud. The plan is to use Kafka connect on secured data center read data from database and transfer it to cloud we got paloalto in secured data center for inspecting the connection and traffic.&nbsp;Since kafa&nbsp;uses&nbsp;tcp protocol will the message be in cleartext for Paloalto to inspect.&nbsp;</P> Thu, 19 Jul 2018 08:20:43 GMT https://live.paloaltonetworks.com/t5/general-topics/support-for-inspecting-ssl-message-for-kafka-connect/m-p/222895#M64081 joshualouis911 2018-07-19T08:20:43Z https://live.paloaltonetworks.com/t5/general-topics/support-for-inspecting-ssl-message-for-kafka-connect/m-p/222975#M64100 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/93695">@joshualouis911</a>,</P><P>if you decrypt the traffic then yes; but the firewall doesn't really care about the message itself and to the best of my knowledge doesn't have a great way of displaying/logging the actual message content.&nbsp;</P> Thu, 19 Jul 2018 17:18:03 GMT https://live.paloaltonetworks.com/t5/general-topics/support-for-inspecting-ssl-message-for-kafka-connect/m-p/222975#M64100 BPry 2018-07-19T17:18:03Z