Enabling SSL/TLS Inspection on a Network Having Asymmetric Routing (5.12)

Introduction

Enterprise networks can have redundant paths to the Internet. As a result, upstream and downstream traffic can take different paths (asymmetric traffic), depending on the routing policy. This complicates deploying inline tools for SSL/TLS inspection, because the tools expect to inspect the traffic in both directions; otherwise the inspection fails, resulting in blind spots. Resilient Inline Arrangement with GigaSMART Flex Inline SSL Solution resolves this challenge by transparently correlating and decrypting the traffic before feeding it to the tools, and by forwarding the inspected traffic along the intended path without affecting the routing policy. It correlates and decrypts asymmetric traffic before it reaches the attached inline tools without any intrusive network changes, and gives complete visibility into both encrypted and non-encrypted network traffic.

Design Overview

This GVD illustrates deploying Resilient Inline Arrangement with GigaSMART Flex Inline SSL Solution to inspect outbound SSL/TLS traffic using the following topology. Traffic between the clients and servers can be asymmetric, taking independent paths in each direction. The device and the inline tools are deployed on each path to achieve device-level redundancy, and the device is configured in fail-safe mode to ensure 100% availability. Resilient Inline Arrangement with GigaSMART Flex Inline SSL Solution guides the upstream and downstream traffic so that traffic flows with odd source IPs are decrypted and/or forwarded to the tools on one side, and traffic flows with even source IPs are decrypted and/or forwarded to the tools on the other side. The inspected traffic is then encrypted and guided along the original network path. Refer to the GigaVUE-FM Users Guide for more details about the feature.

Figure 1: Resilient Inline Arrangement with GigaSMART Flex Inline SSL Solution


  • BPS - Inline Bypass Module

  • IBP - Inter Broker Pathway

  • WAF - Web Application Firewall

  • ATP - Advanced Threat Prevention
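
The odd/even distribution described in the Design Overview can be modelled in a few lines. This is an added illustration, not Gigamon configuration or code. It assumes that a flow's source IP is the client's address in both directions, that side A takes odd addresses and side B even ones, and that a packet arriving on the other side's path is handed to the peer node; the sample packets are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    arrival_path: str  # "A" or "B": the network path routing chose
    from_client: bool  # True = upstream (client to server)

# Assumption: side A's tools take odd source IPs, side B's take even ones.
SIDE_FOR_PARITY = {1: "A", 0: "B"}

def flow_key(pkt):
    """(client, server) pair, identical for both directions of one flow."""
    return (pkt.src, pkt.dst) if pkt.from_client else (pkt.dst, pkt.src)

def side_by_arrival(pkt):
    """No correlation: each side's tools see only what arrives on its path."""
    return pkt.arrival_path

def side_by_parity(pkt):
    """Resilient arrangement: parity of the flow's source (client) IP decides."""
    client = ipaddress.ip_address(flow_key(pkt)[0])
    return SIDE_FOR_PARITY[int(client) & 1]

def steer(pkt):
    """Return (inspecting side, handed to the peer node?, egress path)."""
    side = side_by_parity(pkt)
    return side, side != pkt.arrival_path, pkt.arrival_path

def split_flows(packets, side_of):
    """Flows whose two directions reach different tool sides (blind spots)."""
    sides = {}
    for pkt in packets:
        sides.setdefault(flow_key(pkt), set()).add(side_of(pkt))
    return {flow for flow, seen in sides.items() if len(seen) > 1}

# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    Packet("192.0.2.5", "198.51.100.10", "A", True),   # odd client, up on A
    Packet("198.51.100.10", "192.0.2.5", "B", False),  # reply returns on B
    Packet("192.0.2.8", "198.51.100.20", "A", True),   # even client, up on A
    Packet("198.51.100.20", "192.0.2.8", "B", False),  # reply returns on B
    Packet("192.0.2.7", "198.51.100.30", "A", True),   # symmetric flow on A
    Packet("198.51.100.30", "192.0.2.7", "A", False),
]

if __name__ == "__main__":
    print("split without correlation:", sorted(split_flows(SAMPLE, side_by_arrival)))
    print("split with parity steering:", sorted(split_flows(SAMPLE, side_by_parity)))
    for pkt in SAMPLE:
        print(pkt.src, "->", pkt.dst, steer(pkt))
```

Without correlation, the two asymmetric flows are split across the tool sides; with parity steering every flow lands on one side, and the egress path always equals the arrival path, so routing is untouched.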

To learn more about this solution, read complete details on the Gigamon Community: Enabling-SSL-TLS-Inspection-on-a-Network-Having-Asymmetric-Routing-5-12.