This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPS of https traffic

Hello,

We're about to switch to an ASG box to replace our juniper hardware. We're running an IIS webserver behind it that only allows https over port 443.

Will the ASG be able to do IPS on the https traffic? Or do we need an ssl offloading device that routes the decrypted data through the ASG again (if so, how do we maintain the source ip's of the IPS alerts?)

Same question for the advanced web application security features of the ASG (form hardening, xss/sqlinj. prevention, etc).

Thanks & regards,
Tim

This thread was automatically locked due to age.

0 BarryG over 13 years ago

Hi, Astaro 8 has a WAF (Web Application Firewall); you can install your SSL certs into there and it will be able to protect your webserver(s).

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 tfp over 13 years ago in reply to BarryG

Hi Barry,

Thanks for your answer, sounds good. How will this work if we have a HA active/active setup with 2 or more boxes? Will every box need its own certificate? Or can we reinstall the same certificate on multiple boxes?

Thank you.

Regards,
Tim
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 13 years ago

Tim, in a clustered environment, you install once to the current Master, and it then copies information out to the existing Slaves. All units must have identical network connections.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel