07-18-2018 01:17 PM
We are using Kafka for messaging and have a requirement to inspect the SSL message sent to the Kafka broker from Kafka Connect. Kafka uses a binary TCP protocol, with Kafka broker listeners on PLAINTEXT://9093 (without SSL).
Can Palo Alto decrypt and inspect the Kafka message content?
07-18-2018 06:20 PM
Kafka as in Apache Kafka? That would depend highly on how you've configured it. By default Kafka doesn't even use encryption so you won't even need to worry about decrypting SSL traffic.
If the data itself isn't being encrypted outside of encrypted transport, then you should be able to view the data as soon as you decrypt the transport on the firewall. Honestly though I have no idea how you would accomplish this on the firewall itself in any sort of useful format, as it isn't really designed to read the packet information and then output that for you. At best you identify the Kafka traffic you are interested in and have it perform a packet capture on the traffic so that you could manually go back and read this information if required.
Out of curiosity, why would you worry about this on the firewall? The message would be plaintext on the broker (depending on how you configured it), and I assume if you are using Kafka then this is internal and your organization should have access to the broker to do anything they wish with the information.
07-19-2018 01:20 AM
Yes, Apache Kafka. Kafka is used here to source data from a secured data center to the cloud. The plan is to use Kafka Connect in the secured data center to read data from a database and transfer it to the cloud. We have Palo Alto in the secured data center for inspecting the connection and traffic. Since Kafka uses the TCP protocol, will the message be in cleartext for Palo Alto to inspect?
07-19-2018 10:18 AM
If you decrypt the traffic then yes; but the firewall doesn't really care about the message itself and to the best of my knowledge doesn't have a great way of displaying/logging the actual message content.
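An added example, not part of any post in this thread: when reviewing a packet capture of client-to-broker traffic, this sketch tells a TLS stream apart from a cleartext Kafka stream and, for cleartext, reads the request header of each frame. The function names, the 100 MiB size cap and the sample bytes are assumptions constructed for the illustration.

```python
import struct

# A few Kafka API keys from the Kafka protocol guide (subset).
API_KEYS = {0: "Produce", 1: "Fetch", 3: "Metadata", 18: "ApiVersions"}
MAX_REQUEST = 100 * 1024 * 1024  # assumed sanity cap on a request frame
HEADER_LEN = 10  # api_key(2) + api_version(2) + correlation_id(4) + client_id length(2)

def classify_stream(payload: bytes) -> str:
    """Classify the first bytes a client sent to the broker port."""
    if payload[:2] == b"\x16\x03":
        return "tls"  # TLS handshake record: unreadable without decryption
    if len(payload) >= 4:
        (size,) = struct.unpack_from(">i", payload)
        if HEADER_LEN <= size <= MAX_REQUEST:
            return "kafka-cleartext"
    return "unknown"

def parse_requests(payload: bytes):
    """Yield the request header of every complete Kafka frame in the payload."""
    offset = 0
    while offset + 4 <= len(payload):
        (size,) = struct.unpack_from(">i", payload, offset)
        frame = payload[offset + 4 : offset + 4 + size]
        if not HEADER_LEN <= size <= MAX_REQUEST or len(frame) < size:
            break  # truncated capture, or not a Kafka frame
        api_key, version, corr_id, cid_len = struct.unpack_from(">hhih", frame)
        if cid_len > size - HEADER_LEN:
            break  # client_id length runs past the frame: malformed
        client_id = None if cid_len < 0 else frame[10 : 10 + cid_len].decode("utf-8", "replace")
        yield {"api": API_KEYS.get(api_key, f"key {api_key}"), "version": version,
               "correlation_id": corr_id, "client_id": client_id}
        offset += 4 + size

def build_frame(api_key, version, corr_id, client_id, body=b""):
    """Build a constructed request frame for the sample below."""
    cid = client_id.encode()
    msg = struct.pack(">hhih", api_key, version, corr_id, len(cid)) + cid + body
    return struct.pack(">i", len(msg)) + msg

# Constructed samples: two cleartext requests, and the start of a TLS ClientHello.
SAMPLE_CLEAR = build_frame(18, 0, 1, "connect-1") + build_frame(3, 1, 2, "connect-1", struct.pack(">i", -1))
SAMPLE_TLS = bytes.fromhex("160301020001000001fc0303")

if __name__ == "__main__":
    for name, data in (("clear", SAMPLE_CLEAR), ("tls", SAMPLE_TLS)):
        print(name, classify_stream(data), list(parse_requests(data)))
```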