Security

 View Only
last person joined: 17 hours ago 

Ask questions and share experiences with Juniper Connected Security. Discuss Advanced Threat Protection, SecIntel, Secure Analytics, Secure Connect, Security Director, and all things related to Juniper security technologies.
  • 1.  SRX HTTPS re-encryption

    Posted 05-10-2022 11:27
    Hello ,

    Is the attached design possible with the SRX, such that user HTTPS traffic can be inspected by the SRX and can also be decrypted for the Fireeye to inspect, and then another instance of SRX to re-encrypt the traffic



    ------------------------------
    Mohammad Rummaneh
    ------------------------------


  • 2.  RE: SRX HTTPS re-encryption

    Posted 05-11-2022 09:46

    Hi Mohammad,

     Please allow me to share my thoughts – I think the solution may be the following:

    • generating on each SRX its' certificate, signed by the same CA
    • then using (importing) as the Root CA certificate on each SRX SSL Proxy Profile
    • last step – apply the SSL Proxy Profile to a security policy (on each SRX)

    So, in my humble opinion your setup should be a valid one, IF (!) the functionality is already built on SRX-es; what I mean: you need to use the SSL Proxy feature as Client-Protection SSL Proxy, which means that the Certificate is presented to HTTPS clients by the first SRX following a match on specific traffic within security policy, decrypted and flows to FireEye device – this is clear. The only spot I am not sure about is the reverse process – on the second SRX, if that second one knows what to do with the traffic you intercept with the security policy and apply the SSL Proxy profile to it … (if it knows that it should encrypt that clear-text traffic and throw it to the destination).

    Therefore, I recommend you test the setup in JCL – use the BYO feature with two SRX-es – should not take long.

     Good luck !

     Aram



    ------------------------------
    ARAM HAZARIAN
    ------------------------------