[j-nsp] IDP series SSL decryption

Jonas Frey (Probe Networks) jf at probe-networks.de
Wed Jul 24 05:44:36 EDT 2013


Hello,

i wonder if the IDP series (75, 250 etc) are able to decrypt SSL
sessions using keys transparently to check for IPS.
According to 
http://www.juniper.net/techpubs/en_US/idp5.0/topics/task/configuration/intrusion-detection-prevention-ssl-decryption-enabling.html
this should be possible.

I wonder if this is really transparent in terms of certificate errors
showing up on the clients browser visiting a site behind the IDP.
(Internet -> IDP -> SSL Server)
Does the IDP in this mode mangle with the SSL packets in any way?

If anyone has a setup like the above and can confirm that it works i'd
like to hear about it.


-Jonas


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20130724/8d186ae7/attachment.sig>


More information about the juniper-nsp mailing list