AppXcel decrypts the client request and sends the HTTP traffic to its default gateway (the Alteon).Ħ. AppXcel uses the information in the server certificate to generate a certificate used to complete the SSL handshake with the client.ĥ. AppXcel opens a new SSL connection to the secured web site using the original 元 information.Ĥ.
Alteon intercepts the HTTPS request and redirects it to AppXcel’s group, while maintaining the 元 information.ģ. Client initiates an HTTPS request (SSL Hello) to a secured web site (ex. The traffic flow when configuring Client SSL-sniffing is as follows:ġ. Note that this solution is valid for all Alteon Standalone and VX versions, but not for Alteon VA. The on-the-fly certificate uses the same common name as in the original certificate. This solves the problem of performing registry changes on the client’s PC, and also presents the exact server certificate’s details to the client (such as expiration dates, issuer, and common name). To support it, the AppXcel creates a server certificate which is identical to the remote server’s certificate on the fly, signs it with the configured CA certificate of the AppXcel, and passes it to the client.
This mode of operation allows SSL traffic to be inspected by different security services both for outgoing and, more importantly, for incoming traffic, thus ensuring no malicious content can access the organization via encrypted traffic. The HTTP traffic is then sent back to the AppXcel which then re-encrypts it and sends it to the Internet. The AppXcel can work in a mode where it acts as an SSL terminator for traffic bound to the internet, and send it as clear HTTP traffic for inspection purposes.
The Alteon solution for Client SSL-sniffing is combined from Radware AppXcel and Alteon devices. Client SSL-sniffing is also called internal client protection over SSL.
0 kommentar(er)
