How to view active ssl sessions?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to view active ssl sessions?

L4 Transporter

I am planning to bring in a new ssl decryption appliance to my current network. How can I guage the ssl throughput  on my curent PA-5020 to make decision on right size of appliance?

 

TIA

20 REPLIES 20

L6 Presenter

Well the public specs are around 2Gb of capacity through the appliance when doing features other than App-ID. 

 

Are you going to be putting this appliance before or after the FW?  You're wanting it to have the same SSL performance capabilities as your 5020?

 

This appliance will be in-line(Probably layer-2) with firewall. Yes, we want same ssl performance as on firewall. Before making any decisions on product, I want to guage our ssl throughput because we hardly touch 150Mbps(Total) throughput at any point.

Can I ask why you're wanting to get a separate SSL appliance?  The firewall can SSL decrypt redirect (mirror) native on the appliance.

 

I admit I don't know how to get you exactly what you're looking for.  Are you wanting decrypted SSL or just general SSL throughput?  You should easily be able to use ACC to get general SSL throughput but getting a "bps" decrypted throughput will probably be challenging. 

 

It might be safer getting an appliance that can do 1Gbps of decrypted SSL.  That way you had plenty of headway and don't need to revisit this topic in the future.

I am very comfortable doing decryption on firewall but I learnt there would be a significant performance loss if done.

https://www.nsslabs.com/linkservid/13C7BD87-5056-9046-93FB736663C0B07A/

So, we want to deploy a dedicated appliance. Not sure about sizing. So, I am struggling to get the numbers right.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!