Does clear text http traffic get included with the decrypted traffic when using Encrypted-Etap license?

Question

HI;

Let's say that the Proxy SG is receiving both encrypted https traffic and clear text http traffic from the upstream router, and let's say that we decrypt the https traffic then copy the decrypted traffic through a certrain interface to a Broadcom security analytics appliance. This is of course providing that the Proxy SG has an "Encrypted-Etap" license. My question is what about the clear text http that arrives from the upstream router, which does not need to be decrypted by the Proxy SG? does it also get copied through the same port to the security analytics device?

Kindly
Wasfi

Accepted Answer

Hi Wasfi,

The ability to copy over plain http similarly to the fashion of ETap was introduced in SGOS 7.2.1.1. If you are on that version, then you can use the "Enable Client Tap" or "Enable Server Tap" action objects in the Legacy (Java) VPM. For more information on how they work, see the SGOS 7.2 Legacy VPM Reference. (starting on page 157)

There is also CPL you can use instead that is referenced in the SGOS 7.2 release notes (search for "Expanded Traffic Taps").

Essentially, for what you are trying to do, you will use both objects. For example, if you wanted to TAP the client SSL traffic the ProxySG was SSL decrypting, as well as the unencrypted client HTTP traffic the ProxySG is processing, you would do the following. You would use the "Enable Client Tap" object to copy over the plain http client traffic that the ProxySG applies policy to, and you would use the "Set Encrypted Tap" object to copy over the SSL decrypted traffic.

Hope that helps!

ProxySG & Advanced Secure Gateway

Does clear text http traffic get included with the decrypted traffic when using Encrypted-Etap license?