08-09-2016 06:37 PM
I know outbound SSL decryption can work when a client inside the network is accessing a secure website on the internet. But can SSL decryption work when a client on the internal network attempts to make a vpn connection to a vpn server using an SSL VPN connection elsewhere on the public internet? Can SSL decryption intercept that connection and read the contents of the vpn session? Thanks!
08-10-2016 12:43 AM
Hi
Yes this will work if the vpn session falls under these conditions:
- the ssl tunnel must be based on TLS (regular ssl), no ipsec is used
- a client certificate is not required as the firewall is not able to inject a client certificate
08-10-2016 12:43 AM
Hi
Yes this will work if the vpn session falls under these conditions:
- the ssl tunnel must be based on TLS (regular ssl), no ipsec is used
- a client certificate is not required as the firewall is not able to inject a client certificate
08-10-2016 06:47 AM
OK thanks - if both firewalls (the one doing the outbound SSL decryption) and the one on the internet (running the VPN server) were both Palo Alto's - could the one on the internet be configured to require a client certificate, and so prevent outbound SSL decryption from working?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
