topic Thank. in Network Security

Can firewall decrypt SSL or other encrypted traffic ?

kyisoethin — Tue, 12 Mar 2019 09:15:19 GMT

I want to know if firewall can decrypt encrypted traffic.

If so, which firewall can do so.

Hi kyisoethin,

Spooster IT Services — Mon, 24 Apr 2017 13:28:57 GMT

Hi kyisoethin,

No, Cisco ASA's have ability to decrypt encrypted traffic but Cisco ASA 5500-x series firewall with firepower modules has the ability to decrypt and inspect the SSL traffic. Follow the link for more information.

https://www.a10networks.com/blog/ssl-inspection-decryption-cisco-asa-firepower

But other vendors firewalls like PALO ALTO can do. Follow the link for more information.

https://www.paloaltonetworks.com/features/decryption

If this is helpful, please give it a thumbs up.

Hi,

Mohammed al Baqari — Mon, 24 Apr 2017 13:35:22 GMT

Hi,

Ordinary firewalls which perform firewalling functions only such as ASA can deycrpt IPSec traffic only which is encrypted. SSL can't be decrypted with ordinary firewalls.

The next Gen firewalls can decrypt ssl traffic and intercept it. This needs lot of processing power which isn't present in ordinary firewalls.

Thank you for your annswer.

kyisoethin — Tue, 25 Apr 2017 03:02:55 GMT

Thank you for your annswer.

I have more question about it.

If firewall can decrypt Ipsec or ssl, how can this be ?

How do they get decryption encryption key ?

For IPSec, the common

Mohammed al Baqari — Tue, 25 Apr 2017 04:56:54 GMT

For IPSec, the common deployment is using Pre-Shared key which needs to be configured at both firewall ends. This is the key used conceptually to encrypt/decrypt. You can look for exact way of encryption/decryption as IPSec IKEv1 goes through phase 1 and phase 2. During this negotiation, it will extract the actual encryption key, authentication key and nounce.

For SSL, it is based on cryptography. The user will authenticate the firewall certificate using its trusted root CA. After successful verification, they will use public key/private key to exchange session-key which will be used during the session life for encryption/decryption. This is the case for client and client-less.

You can lookup more online to get the details about how this happens as its lengthy process

Thank.

kyisoethin — Tue, 25 Apr 2017 14:22:09 GMT

Thank.

I get it.

For SSL, I think firewall proxy the communcation. It send client its own certificate and client verifies it.After then, firewall create SSL connection to the other client.So there are two SSL connection.

Am I right?

Correct.

Spooster IT Services — Tue, 25 Apr 2017 14:23:03 GMT

Correct.