Vital Security Appliance SSL Scanning Server
-
Upload
leah-joyner -
Category
Documents
-
view
36 -
download
1
description
Transcript of Vital Security Appliance SSL Scanning Server
Benefits of a Finjan SSL Scanner
• 100% Compatible with Vital Security
• Preconfigured for optimum security
• Preconfigured for performance
• Easy Deployment
How it works… (1/2)
• Workstation has SSL Appliance as Proxy Server for HTTPS.
• Workstation receives a certificate that matches the requested URL. This certificate is generated by SSL appliance.
• SSL appliance requests the information from the Internet using a NEW HTTPS connection.
• SSL appliance checks the Server certificate for:– Revocation
– Expiration
– URL
– Trusted chain
How it works… (2/2)
• SSL appliance uses the Scanning Server for scanning.
• NG Scanning Server returns SSL traffic to the SSL appliance.
• Scanning Server replies with one of the answers below:– Error message
– Modified headers and/or modified body
– No adaptation needed
• SSL appliance sends the original or the modified content to the workstation.
Default IP addresses (NG1400 & NG5400)
• Connect a PC to the NG1400 or NG5400 right port (if necessary use cross cable)
https://10.0.0.100:8380/VSSSLAdmin/LicenseAgr.html
(username: admin password: admin)
• This will start a wizard for configuring the SSL Scanning Server
Configure NG scanner (SSL appliance)
The proxy IP address can also be a VIP of a Loadbalancer
SSL & NG appliance keep state information in the traffic flow
NG Scanner:IP Address & Port
(default 8080)
SSL Returned Communication (NG appliance)
The SSL Returned IP address can also be a VIP of a Loadbalancer
SSL & NG appliance keep state information in the traffic flow
SSL Appliance:IP Address & Port
(default 8081)