Inline TLS/SSL Decryption Deployments

Inline TLS/SSL decryption can be deployed in two ways, depending on the direction of the sessions:

■   sessions are inbound
■   sessions are outbound

Refer to Figure 1 for an example of an inbound deployment. The client is on the Internet. The server and the GigaVUE-OS and GigaVUE‑FM node are located within the same enterprise network, with the GigaVUE-OS and GigaVUE‑FM node deployed on the server side. The GigaVUE-OS and GigaVUE‑FM node needs access to the private keys of the server to perform Man-in-the-Middle (MitM) decryption.

Figure 1 Inbound Deployment of Inline TLS/SSL Decryption

Use case for inline TLS/SSL decryption:

■   Clients on the Internet
■   Servers in internal network
■   Organization has the private key of the server
■   Diffie-Hellman and Perfect Forward Secrecy are being used

Refer to Figure 2 for an example of an outbound deployment. The client and the GigaVUE-OS and GigaVUE‑FM node are located within the same enterprise network, with the GigaVUE-OS and GigaVUE‑FM node deployed on the client side. The server is located in another network on the Internet. In this deployment, the role of the GigaVUE-OS and GigaVUE‑FM node is that of a Man-in-the-Middle (MitM). The node does not have access to the private keys of the server, but as a trusted MitM, it can look at TLS/SSL traffic.

Figure 2 Outbound Deployment of Inline TLS/SSL Decryption