SRX

 View Only
last person joined: yesterday 

Ask questions and share experiences about the SRX Series.
  • 1.  SSL/TLS Decryption for traffic inspection help?

     
    Posted 16 days ago

    I am  wanting to make better and more effective use of the security services on my SRX devices, and as such I have been advised that in order to do so, I need to ensure that SSL/TLS decryption is configured. I have done some searching for relevant documentation, but have quickly become overwhelmed and am uncertain of the appropriateness of a lot of it.

    Can someone point me in the right direction please? Again, this is simply for inspecting traffic for malware etc.


  • 2.  RE: SSL/TLS Decryption for traffic inspection help?

     
    Posted 14 days ago

    Is anyone able to point me in the right direction please?


  • 3.  RE: SSL/TLS Decryption for traffic inspection help?

    This message was posted by a user wishing to remain anonymous
    Posted 14 days ago
    This message was posted by a user wishing to remain anonymous

    Application Security User Guide for Security Devices | Junos OS | Juniper Networks see SSL Proxy section, ssl forward transparent proxy is the solution you will want to use. You'll need to create a self-signed certificate and import this into your Trusted Root Certificates on your host.


  • 4.  RE: SSL/TLS Decryption for traffic inspection help?

     
    Posted 13 days ago

    Many thanks for your reply. I have spent the day on this today. I have largely gotten it setup, but it's essentially useless in its current state, and that is because I am using a self-signed certificate, so I've basically broken the internet for everyone! I understand the issue, but as we use all sorts of devices to access the internet, it is not feasible (or perhaps even possible) to import the cert into any and all devices that might connect. It's a non-starter. So, what's the solution to this problem? Are there any articles pertaining to this specific requirement?