SSL Inspector




More and more Internet traffic is being encrypted using HTTPS, which creates a huge blindspot for firewalls. It compromises their ability to analyze traffic, identify threats or handle policy violations.

SSL Inspector solves this problem. Whether it is driven by concerns about personal privacy, or the rise of web applications like Salesforce, Netflix and Facebook, the amount of encrypted Internet traffic has exploded. SSL Inspector puts NG Firewall in the middle of the encrypted traffic, with the ability to decrypt and analyze the data as it passes through.

SSL Inspector creates a specialized certificate on each client. This certificate communicates directly with the gateway which is then able to decrypt HTTPS and SMTP traffic, process, and re-encrypt it on the fly all from within NG Firewall—without ever exposing the decrypted traffic to the network. This enables HTTPS traffic to be inspected in the same way as regular HTTP traffic, meaning that all NG Firewall apps and their rules can be applied.

Features

  • Requires issuance of a new certificate on each client to avoid browser warnings.
  • Can be configured to analyze some traffic while passing through the rest.
  • Fully decrypt SMTP over SSL to allow Web Filter to block/flag sites, Application Control to apply rules to users, and Spam Blocker to scan SMTP.