Enabling SSL/TLS Inspection on a Network having Asymmetric Routing (6.3)
Introduction
Enterprise networks can have redundant paths to the internet. As a result, upstream and downstream traffic can take different paths (asymmetric traffic), depending on the routing policy. This affects the deployment of inline tools for SSL/TLS inspection, because the tools expect to inspect traffic in both directions; otherwise, inspection fails, resulting in blind spots. Resilient Inline Arrangement with GigaSMART Flex Inline SSL Solution resolves this challenge by transparently correlating and decrypting the traffic before feeding it to the tools, and by forwarding the inspected traffic along the intended path without affecting the routing policy.
Resilient Inline Arrangement with GigaSMART Flex Inline SSL Solution allows you to correlate asymmetric traffic and decrypt it before feeding it into the attached inline tools, without making any intrusive network changes, while providing complete visibility into both encrypted and non-encrypted network traffic.
Topology Diagram
Design Overview
- This GVD illustrates deploying Resilient Inline Arrangement with GigaSMART Flex Inline SSL Solution for inspecting both inbound and outbound SSL/TLS traffic using the following topology. The traffic between the clients and servers can be asymmetric, taking independent paths in each direction. The device and the inline tools are deployed on each path to achieve device-level redundancy, and the device is configured in fail-safe mode to ensure 100% availability.
- Resilient Inline Arrangement with GigaSMART Flex Inline SSL Solution guides the upstream and downstream traffic so that traffic flows with odd source IPs are decrypted and/or forwarded to the tools on one side, and traffic flows with even source IPs are decrypted and/or forwarded to the tools on the other side. The inspected traffic is encrypted and guided along the original network path. Refer to the GigaVUE-FM Users Guide for more details about the feature.
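The odd/even split described above can be modelled in a few lines to show why it removes the blind spot. This is an added example, not Gigamon code or configuration. The node names, the packet tuple layout, and the choice to key both directions of a flow on the flow's source (initiating) IP are assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict

# Hypothetical names for the two devices, one per network path.
ODD_NODE, EVEN_NODE = "node_A", "node_B"

def owner(flow_src_ip):
    """Node whose tools inspect a flow, chosen by parity of its source IP."""
    odd = int(ipaddress.ip_address(flow_src_ip)) & 1
    return ODD_NODE if odd else EVEN_NODE

def steer(packets, parity_steering=True):
    """Return (seen, routed).

    seen:   {(node, flow_src_ip): directions that node's tools observed}
    routed: [(inspecting_node, egress_path)] per packet
    """
    seen, routed = defaultdict(set), []
    for flow_src_ip, direction, arrival in packets:
        # Without steering, a packet is inspected wherever routing delivered it.
        inspector = owner(flow_src_ip) if parity_steering else arrival
        seen[(inspector, flow_src_ip)].add(direction)
        # Inspected traffic continues on the path it arrived on.
        routed.append((inspector, arrival))
    return seen, routed

def inspectable(seen):
    """Flows for which a single node's tools saw both directions."""
    return {flow for (_, flow), dirs in seen.items() if dirs == {"up", "down"}}

# Constructed sample: (flow source IP, direction, node on the arrival path).
# Both flows are asymmetric: upstream via node_A, downstream via node_B.
SAMPLE = [
    ("10.0.0.5", "up", "node_A"), ("10.0.0.5", "down", "node_B"),
    ("10.0.0.8", "up", "node_A"), ("10.0.0.8", "down", "node_B"),
]

if __name__ == "__main__":
    for steering in (False, True):
        seen, _ = steer(SAMPLE, parity_steering=steering)
        print(f"parity steering={steering}: inspectable flows = {sorted(inspectable(seen))}")
```

With steering off, neither flow has both directions at one node. With steering on, each flow is fully visible at the node matching its parity, and every packet still leaves on its arrival path.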
To learn more about this solution, read the complete details on the Gigamon Community: Enabling SSL/TLS Inspection on a Network having Asymmetric Routing (6.3)