Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
avi3383
Participant
Jump to solution

Https inspection query on Cloudguard IaaS

Hi,

We have deployed autoscale security gateway on AWS cloud only for Northbound traffic to protect web application hosted in AWS customer account.

All application are publicly published and can be access from Internet.

Below is the traffic flow:

User access web application from internet--->traffic came to route53 and resolved in load balancer Ip adddress--->>when external load received the traffic and do the Ssl termination and sent the traffic to target group---->>Target Group is Cloudguard IaaS firewall----->Internal LB--->application hosted server.

My query is here that when External load balancer doing the ssl termination and sent the decrypted to Cloudguard IaaS.

Is it require to do https inspection on Cloudguard IaaS for received decrypted traffic from external LB?

If I am not doing https inspection because received traffic from external LB is already decrypted. Will my enabled blade on firewall do inspect of these traffic.

Please guide me to do correct deployment

 

 

 

 

1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin

If it were straight HTTP, the service would say...HTTP.
There are a lot of things in those logs that say TLS, which is most likely encrypted.
There are things that say TCP also, which is probably not encrypted.
To confirm what it is, you'd probably have to run a tcpdump to see what the actual traffic looks like.

Note that HTTPS Inspection is generally only done with HTTPS traffic on one of the standard ports.
It doesn't work with TLS traffic in general.

View solution in original post

0 Kudos
5 Replies
PhoneBoy
Admin
Admin

If the gateway is seeing only unencrypted traffic, then you don't need to run HTTPS Inspection at all.

0 Kudos
avi3383
Participant

Thanks for your response.

is there any way to identify unencrypted traffic logs? Please guide.

 

0 Kudos
PhoneBoy
Admin
Admin

The traffic will be HTTP traffic if it's coming from the load balancer. 
Whatever blades you have activated with appropriate policies will apply to the traffic.
This should be clearly visible in the Logs and Monitoring (or SmartView).

0 Kudos
avi3383
Participant

Can you confirm below logs are http logs...these are coming from LB and Https termination are enabled on LB.

 

0 Kudos
PhoneBoy
Admin
Admin

If it were straight HTTP, the service would say...HTTP.
There are a lot of things in those logs that say TLS, which is most likely encrypted.
There are things that say TCP also, which is probably not encrypted.
To confirm what it is, you'd probably have to run a tcpdump to see what the actual traffic looks like.

Note that HTTPS Inspection is generally only done with HTTPS traffic on one of the standard ports.
It doesn't work with TLS traffic in general.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events