9 Oct
2020
9 Oct
'20
3:09 p.m.
Dear Nanog; Hope everyone is getting ready for a good weekend. I'm working on a greenfield service provider network and I'm running into a security challenge. I hope the great minds here can help. Since the majority of traffic is SSL/TLS, encrypted malicious content can pass through even an "NGFW" device without detection and classification. Without setting up SSL encrypt/decrypt through a MITM setup and handing certificates out to every client, is there any other software/hardware that can perform DPI and/or ssl analysis so I can prevent encrypted malicious content from being downloaded to my users? Have experience with Palo and Firepower but even these need the MITM approach. I appreciate any advice anyone can provide. Best, CJ