SSL Decryption, ¿hardware or software?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

SSL Decryption, ¿hardware or software?

L2 Linker

Hi, anybody knows if PA3020 and PA3050 has a dedicated hardware for SSL Decryption?. I saw a document a few years ago where you can see that some Palo Altos has a dedicated chip for SSL decryption but I could not find it again and I do not see if PA3020 and PA3050 has the hardware or not.

 

Many thanks for your help

 

Best regards

Samuel

3 REPLIES 3

L4 Transporter

Hi did you mean this? :

 

Simplify SSL certificate signing and management process.

You can utilize dedicated hardware security modules (HSM) to manage the certificate signing functions for SSL forward proxy, SSL inbound inspection, and the master key storage functions. HSM support is generally required when FIPS 140-2 Level 3 protection for CA keys is required.
 

  • Supported HSMs: SafeNet Luna SA and Thales Nshield Connect.
  • Platforms supported: PA-7050, PA-5000 Series, PA-4000 Series, PA-3000 Series, VM-Series and the M-100 management appliance.

https://www.paloaltonetworks.com/products/features/decryption.html

 

 

 

 

 

Hi, not exactly. What I mean is that, when you configured a  SSL decryptcion policy, is there any hardware chip insdie the PA-3020 or PA3050 that do the job to decrypt the traffic?, or all decryption is done by software?.

If you only wants to decrypt some traffic (and not all), as I understand, it is not necesary to install a decryption device because the firewall can decrypt the traffic directly.

 

Many thanks for your reply

 

Best regards

Samuel

ssl decryption happens in the dataplane, a dedicated hardware (as i know). at all hardware series, except the PA-200, the traffic operation part (ssl, policy, threat scan...) is separated between the dataplane and management plane (MGT, reports, logging..)

  • 3500 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!