SSL Visibility Appliance


SSLV in passive line mode inspection queries

  • 1.  SSLV in passive line mode inspection queries

    Posted 07-13-2021 04:14 AM
    Dear experts,

    We have a few queries regarding the SSLV passive inline mode of operation. We need to clarify some confusion regarding the things mentioned below.
    Can someone please comment on that based on their expert opinion and thoughts?

    * As mentioned in the SSLV documentation, SSLV acts as a bump in the wire. With this in mind, will SSLV pass through the following types of L2 traffic: LACP, VLAN tags, ARP, GARP?


    This query is regarding the deployment of SSLV for inbound traffic decryption, such that we have SSLV sitting in between the client and the web server and we have imported the certificate + key from the web server to the SSLV appliance.
    =============
    diagram:

    client------SSLV(passive inline)----Server
                       |
                    Forensic analysis appliance

    * If the certificate is renewed on the server without renewing the same certificate in SSLV, what sort of impact will it create on the traffic that will be passing through the SSLV, while we have created an inspection rule to inspect that traffic?
    We want to know, if the certificate on the server and the SSLV somehow become out of sync for some time, what would be the impact on traffic passing through the appliance.
    Will that be dropped?
    Will that traffic pass, and the only impact will be that we will not have the decrypted traffic feed?



  • 2.  RE: SSLV in passive line mode inspection queries

    Posted 07-15-2021 02:21 AM
    Can anybody comment on that, please?


  • 3.  RE: SSLV in passive line mode inspection queries

    Posted 07-16-2021 03:11 AM
    Edited by Pavel Katunkin 07-16-2021 03:12 AM
    Hi Haris.

    * As mentioned in the SSLV documentation, SSLV acts as a bump in the wire. With this in mind, will SSLV pass through the following types of L2 traffic: LACP, VLAN tags, ARP, GARP?

    Yes, it will pass L2 traffic.

    * If the certificate is renewed on the server without renewing the same certificate in SSLV, what sort of impact will it create on the traffic that will be passing through the SSLV, while we have created an inspection rule to inspect that traffic?
    We want to know, if the certificate on the server and the SSLV somehow become out of sync for some time, what would be the impact on traffic passing through the appliance.
    Will that be dropped?
    Will that traffic pass, and the only impact will be that we will not have the decrypted traffic feed?

    If the certificate in SSLV is still valid (isn't expired), there is no impact on the SSLV functionality; it will still be able to intercept, decrypt and re-encrypt traffic correctly using this cert. There is no type of synchronization between SSLV and the server to check certificate similarity.

    ------------------------------
    Senior Security Engineer
    Web Control
    ------------------------------



  • 4.  RE: SSLV in passive line mode inspection queries

    Posted 07-25-2021 12:43 AM
    Edited by hariskhan218 07-25-2021 12:44 AM
    Hi Pavel,

    Thanks for the response.

    I need further clarification on 2nd query.

    So it means that if certificates are expired/out of sync for some time on the SSLV appliance, that will cause the appliance to fail to decrypt and re-encrypt the traffic (because there is an inspecting rule enabled for that kind of certificate or traffic), right?


  • 5.  RE: SSLV in passive line mode inspection queries

    Posted 07-26-2021 05:58 AM
    Hi Haris,

    It means that if the certificate is expired on SSLV, the client won't trust it and the "chain of trust" will fail. SSLV's certificate is an Intermediate CA certificate; if it fails, all certificates (sites' certificates) that are signed by this certificate will fail for users (users' browsers).

    ------------------------------
    Senior Security Engineer
    Web Control
    ------------------------------