Inline TLS/SSL Monitor Mode
Use the inline TLS/SSL monitor mode to help you understand your network topology. Monitor mode provides information about the traffic going to the GigaSMART card, which can help you learn about your deployment. When monitor mode is enabled, the monitor application collects information about the incoming traffic, such as the TCP ports used and VLAN information.
After inline TLS/SSL decryption is configured and monitor mode is enabled, the inline TLS/SSL application does not terminate the session. Instead, the monitor application collects information and forwards packets to the tool port or network port based on the configuration of the non-TLS/SSL TCP bypass action. You can enable or disable any monitor mode seamlessly, without any other configuration changes.
Monitor mode is disabled by default. To enable the monitor mode, refer to Configure the Inline TLS/SSL Monitor Mode.
For packets coming from the network port, the monitor application collects packet flow information.
From the information collected from monitor mode, you can analyze the following cases:
duplicate TCP SYN: For a given session, SYN messages whose packet signature differs in something other than the 5-tuple, for example a different VLAN ID, indicate that the packet is coming from multiple paths.
asymmetric routing: For a given session, packets arriving from multiple network interfaces indicate that a packet is coming from multiple paths.
Inline SSL Monitor mode only captures TCP information, not SSL information. However, Inline SSL Persistent Monitor mode captures both TCP and SSL information.
Note: Monitor mode is supported for standalone nodes only, not for nodes in a cluster.
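The two cases above can be checked mechanically once per-packet records are available. The following is an added example, not Gigamon code or a GigaVUE export format: the Pkt record layout, the link names, and the sample traffic are constructed, and it assumes both directions of a healthy session traverse the same inline network.

```python
from collections import defaultdict
from typing import NamedTuple

class Pkt(NamedTuple):
    # Hypothetical record layout for this example, not a Gigamon export format.
    src: str
    sport: int
    dst: str
    dport: int
    vlan: int
    link: str          # inline network the packet arrived on
    syn: bool = False  # True for an initial SYN (no ACK)

def session_key(p):
    """Direction-independent TCP session key: sorted pair of endpoints."""
    return tuple(sorted([(p.src, p.sport), (p.dst, p.dport)]))

def analyze(packets):
    """Return (duplicate_syn_sessions, asymmetric_sessions) as sorted lists."""
    syn_vlans = defaultdict(set)  # session -> VLAN IDs seen on its SYNs
    links = defaultdict(set)      # session -> links any of its packets used
    for p in packets:
        key = session_key(p)
        links[key].add(p.link)
        if p.syn:
            syn_vlans[key].add(p.vlan)
    # A retransmitted SYN repeats the same VLAN and is not flagged;
    # only a SYN whose VLAN differs suggests a second path.
    dup = sorted(k for k, v in syn_vlans.items() if len(v) > 1)
    asym = sorted(k for k, v in links.items() if len(v) > 1)
    return dup, asym

# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    Pkt("192.0.2.10", 40001, "198.51.100.5", 443, 100, "net-a", syn=True),
    Pkt("192.0.2.10", 40001, "198.51.100.5", 443, 200, "net-a", syn=True),  # same 5-tuple, new VLAN
    Pkt("192.0.2.11", 40002, "198.51.100.5", 443, 100, "net-a", syn=True),
    Pkt("192.0.2.11", 40002, "198.51.100.5", 443, 100, "net-a", syn=True),  # plain retransmit
    Pkt("192.0.2.12", 40003, "198.51.100.5", 443, 100, "net-a", syn=True),
    Pkt("198.51.100.5", 443, "192.0.2.12", 40003, 100, "net-b"),            # reply on another link
]

if __name__ == "__main__":
    dup, asym = analyze(SAMPLE)
    print("duplicate TCP SYN:", dup)
    print("asymmetric routing:", asym)
```

Sessions that appear in either list are the ones whose path through the network should be understood before decryption is turned on for them.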
Configure the Inline TLS/SSL Monitor Mode
You can enable or disable the inline TLS/SSL monitor mode, or enable persistent inline TLS/SSL monitor mode, using either the CLI or GigaVUE‑FM.
To enable or disable the monitor mode using the CLI, run one of the following CLI commands:
(config) # apps inline-ssl profile alias sslprofile monitor enable
(config) # apps inline-ssl profile alias sslprofile monitor disable
To enable the persistent monitor mode using the CLI, run the following CLI command:
(config) # apps inline-ssl profile alias sslprofile monitor inline
To enable the monitor mode using GigaVUE‑FM:
1. From the device view, go to GigaSMART > Inline SSL > SSL Profiles.
2. From the Actions drop-down, click Edit.
3. From the SSL Monitor Mode drop-down list, select one of the following:
   - Disable to disable SSL monitor mode, and enable SSL decryption/encryption.
   - Enable to enable SSL monitor mode, and disable SSL decryption/encryption.
   - Inline to enable persistent monitor mode (both SSL monitor mode, and SSL decryption/encryption).
4. Click Apply.