This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Transparent vs Explicitly Defined Proxy

With Transparent proxy, I understand that the client definitely needs SSL bump in order for Decrypt and Scan web filtering.

Does the client need SSL Bump if I define the proxy explicitly in the client internet settings? An IT consultant is telling me SSL bump is an un-needed security risk.

Thanks,

Greg

This thread was automatically locked due to age.

Parents

0 Michael Dunn over 11 years ago

The developer is incorrect.

There is a minor difference between transparent and explicit when you are not doing decrypt and scan - that being how easy is it to determine the real domain that the user is going to. In 9.1 transparent we did not have this, in 9.2 transparent we do (now called "URL Filtering Only"). Explicit always knows the real destination. But that only how to do with domain categorization and blocking. Actual stream decryption requires a full man-in-the-middle attack with CA authority.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Michael Dunn over 11 years ago

The developer is incorrect.

There is a minor difference between transparent and explicit when you are not doing decrypt and scan - that being how easy is it to determine the real domain that the user is going to. In 9.1 transparent we did not have this, in 9.2 transparent we do (now called "URL Filtering Only"). Explicit always knows the real destination. But that only how to do with domain categorization and blocking. Actual stream decryption requires a full man-in-the-middle attack with CA authority.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data