09-22-2015 04:43 AM
Hi, anybody knows if PA3020 and PA3050 has a dedicated hardware for SSL Decryption?. I saw a document a few years ago where you can see that some Palo Altos has a dedicated chip for SSL decryption but I could not find it again and I do not see if PA3020 and PA3050 has the hardware or not.
Many thanks for your help
Best regards
Samuel
09-22-2015 06:06 AM
Hi did you mean this? :
Simplify SSL certificate signing and management process.
You can utilize dedicated hardware security modules (HSM) to manage the certificate signing functions for SSL forward proxy, SSL inbound inspection, and the master key storage functions. HSM support is generally required when FIPS 140-2 Level 3 protection for CA keys is required.
https://www.paloaltonetworks.com/products/features/decryption.html
09-22-2015 06:16 AM
Hi, not exactly. What I mean is that, when you configured a SSL decryptcion policy, is there any hardware chip insdie the PA-3020 or PA3050 that do the job to decrypt the traffic?, or all decryption is done by software?.
If you only wants to decrypt some traffic (and not all), as I understand, it is not necesary to install a decryption device because the firewall can decrypt the traffic directly.
Many thanks for your reply
Best regards
Samuel
09-22-2015 06:47 AM
ssl decryption happens in the dataplane, a dedicated hardware (as i know). at all hardware series, except the PA-200, the traffic operation part (ssl, policy, threat scan...) is separated between the dataplane and management plane (MGT, reports, logging..)
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
