How is traffic processed in the SSL Visibility appliance?
What are the events that take place in the SSL Visibility appliance to determine if a flow is SSL?
Policy rules in the SSL Visibility Appliance only apply to SSL flows. The sequence of events is as follows.
Note: Cut Through means the packets are passed to/through any attached security appliances, and then sent out on the other side of the bump in the wire:
Non-TCP flows are cut through immediately by the Flow processor.
New TCP flows are cut through by the Flow processor, but the flow is monitored by the Flow processor to see if it becomes an SSL flow.
If the Flow processor sees a Client Hello indicating the start of an SSL flow, it does the following:
stops passing packets on the flow to/through attached security appliances
sends the packets out on the other side of the bump in the wire (so the SSL handshake can continue)
gathers information from the SSL handshake (we do not modify the packets between client and server)
when the SSL Server Certificate begins to arrive, captures it and does not send it on to the client.
Once the full SSL Server Certificate is received, the appliance has all the information needed for the policy engine to make a decision on what to do with the flow.
a) If the policy engine determines that the flow should be inspected, the appliance modifies the server certificate and becomes a Man-In-The-Middle so it can decrypt and re-encrypt the flow in order to see the clear text.
b) If the policy engine determines that the flow should not be inspected, the following occurs:
replay the SSL handshake sequence to/through the attached security appliances so they see it.
cut through all future packets on this SSL flow.
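The sequence above, written out as a small state machine (an added illustration, not the SSL Visibility appliance's own code): non-TCP flows are cut through at once, TCP flows are cut through but watched for a Client Hello, handshake records are then withheld from the attached appliances until the Certificate message is held and the policy engine decides. The policy engine is an assumed stub callable, and the TLS records are constructed test input.

```python
from dataclasses import dataclass, field

# Constructed simulation of the Flow processor sequence described above; it is
# not the SSL Visibility appliance's code. "policy" is an assumed stub callable
# that receives the held Certificate record and returns True to inspect.

TLS_HANDSHAKE = 0x16                     # TLS record content type: handshake
CLIENT_HELLO, CERTIFICATE = 0x01, 0x0B   # handshake message types

def tls_record(htype: int, body: bytes = b"") -> bytes:
    """Build a minimal TLS 1.2 handshake record (constructed test input)."""
    hs = bytes([htype]) + len(body).to_bytes(3, "big") + body
    return bytes([TLS_HANDSHAKE, 3, 3]) + len(hs).to_bytes(2, "big") + hs

def handshake_type(payload: bytes):
    """Handshake message type if payload starts a TLS handshake record, else None."""
    return payload[5] if len(payload) >= 6 and payload[0] == TLS_HANDSHAKE else None

@dataclass
class Flow:
    proto: str                          # "tcp" or anything else (e.g. "udp")
    state: str = "monitor"              # monitor | handshake | inspect | cut_through
    handshake: list = field(default_factory=list)      # records withheld from appliances
    to_appliances: list = field(default_factory=list)  # what attached appliances saw

def process_packet(flow: Flow, payload: bytes, policy) -> str:
    """Apply one packet to the flow and return the action the Flow processor takes."""
    if flow.proto != "tcp" or flow.state == "cut_through":
        flow.to_appliances.append(payload)      # cut through: appliances see it
        return "cut_through"
    if flow.state == "inspect":
        return "inspect"                        # MITM: decrypted and re-encrypted by the appliance
    htype = handshake_type(payload)
    if flow.state == "monitor":
        if htype != CLIENT_HELLO:
            flow.to_appliances.append(payload)  # plain TCP so far: cut through, keep watching
            return "cut_through"
        flow.state = "handshake"                # Client Hello seen: stop feeding appliances
    flow.handshake.append(payload)
    if htype != CERTIFICATE:
        return "forward"                        # out the far side only, so the handshake continues
    if policy(payload):                         # full certificate held: policy engine decides
        flow.state = "inspect"
        return "inspect"
    flow.to_appliances.extend(flow.handshake)   # not inspected: replay handshake to appliances
    flow.state = "cut_through"
    return "replay_and_cut_through"
```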
Imported Document ID: 000022218