This document describes how to implement SSL Deep Packet Inspection (DPI) inside a Firewall Load Balancing (FWLB) sandwich to improve availability, scalability and visibility across the IT infrastructure. The document focuses on SonicWall® SuperMassive next-generation firewalls for DPI, and A10 Networks Thunder SSL Insight® (SSLi®) for SSL decryption and FWLB.
With the end-to-end security promised through SSL encryption, the threat of hidden attacks continues to increase, mandating organizations to decrypt and inspect SSL traffic. Organizations that do not decrypt and inspect traffic to unknown public sites create a blind spot that is left open for exploitation by data extrusion and malware, including advanced persistent threats (APTs). Most next-generation security devices are capable of decrypting SSL traffic and applying deep packet inspection policies. However, they are not designed specifically to handle the growing SSL traffic, coupled with increasing SSL key lengths and more computationally complex SSL ciphers. When facing a large volume of SSL traffic, most of the firewalls’ resources get split between performing DPI and SSL decryption and re-encryption.
To enable business productivity, internet access must be operational and available at all times. This is sometimes referred to as “five nines” (99.999) uptime. Because things break, and unforeseen events do take place, organizations need to create an architecture that is highly available with failures predicted ahead of time, such that the only downtime is for planned maintenance.
A10 Networks SSL Insight technology provides a high-performance, highly available SSL decryption solution, which helps eliminate the SSL blind spot in corporate defenses and enables security devices to inspect encrypted traffic such as HTTPS, and not just clear text data in HTTP traffic.
SonicWall® SuperMassive firewalls provide high-performance DPI and threat protection along with centralized management and monitoring capabilities.
Register to Download Free White Paper