04-15-2018 02:48 AM - edited 02-21-2020 07:38 AM
We need to implement a new FTD in transparent mode in our network, where it will be put between the first stage of firewall and the Perimeter Firewall, and we need to pass all traffic "Web and Email traffic" through this device, where we need to inspect all traffic.
We're using a Web security appliance and an Email security appliance, and we have a CA, so my questions are:
1. Which certificate do we have to use to inspect all traffic "Web and Email"?
2. Which requirements do we have before our implementation, and what are the steps of implementation?
BR,
Saad
04-15-2018 07:39 AM
If you already have WSA and ESA then they inspect your web and email traffic respectively.
Why would you want to also add the FTD as an additional inspection explicitly for those traffic types? You can just use it in normal IPS mode and don't do anything special for web and email on it.
Decryption is a very deep topic. Very few organizations elect to decrypt outbound web traffic with FTD. Doing so requires a significant effort and is a challenge that's not easily answered in a support community thread. It should instead be part of a well-thought-out project executed by competent systems engineers.
04-15-2018 08:04 AM
Thank you for your reply Marvin.
I already have the Web and Email security appliances, but the customer needs FTD as a second phase for inspection and needs the malicious traffic to go to a SIEM solution at another branch.
So we need to decrypt the traffic to inspect it.
04-15-2018 09:47 PM
I've never seen anyone chain together decryption. To do so successfully, each step would have to trust the certificate of the next one. For instance, the client trusts the WSA certificate, the WSA trusts the FTD certificate, and the FTD decrypts and re-signs traffic destined for the Internet.
Even when it is only FTD involved, it's a hard problem, as a large and increasing number of sites and services do not allow decryption, and doing so will break the application (Dropbox, iTunes, Google services, etc.).
Generally speaking you're better off supplementing solutions such as are already in place with endpoint-based ones such as Umbrella and AMP for Endpoints.
If I was going to undertake what you're trying to do, I would try it in a lab first to validate the concept and then deploy it very carefully, starting with a small group of pilot users.
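The trust rule in the reply above (each hop must trust the CA that re-signs the certificate it receives, and pinned clients break no matter what) can be checked before touching a lab. The script below is an added illustration, not Cisco or forum code: it models the client -> WSA -> FTD -> Internet chain as data, with hypothetical CA names (`WSA-CA`, `FTD-CA`, `PublicCA`), and reports every missing trust anchor and every pinned client that would have to be exempted from decryption.

```python
"""Model of chained TLS decryption: every inline inspection hop re-signs the
server certificate with its own CA, so whoever receives that re-signed
certificate must trust that CA, and certificate-pinning clients reject any
re-signed leaf regardless of trust.  Added illustration with constructed
names; it is not Cisco code and does not talk to real devices."""
from dataclasses import dataclass, field


@dataclass
class Hop:
    """An inline decrypting device (hypothetical, e.g. 'WSA' or 'FTD')."""
    name: str
    signing_ca: str                                  # CA it re-signs with
    trust_store: set = field(default_factory=set)   # CAs it trusts upstream


@dataclass
class Client:
    """The end user's browser or application."""
    name: str
    trust_store: set
    pins_certificate: bool = False   # apps like the ones Marvin lists


def check_decryption_chain(client, hops, origin_ca="PublicCA"):
    """Walk client -> hops[0] -> ... -> hops[-1] -> Internet.

    The hop nearest the Internet sees the origin certificate; each earlier
    hop sees a certificate re-signed by the hop in front of it; the client
    sees one re-signed by hops[0].  Returns a list of problems; an empty
    list means the chain is trust-consistent.
    """
    problems = []
    for i, hop in enumerate(hops):
        seen_issuer = hops[i + 1].signing_ca if i + 1 < len(hops) else origin_ca
        if seen_issuer not in hop.trust_store:
            problems.append(f"{hop.name} does not trust issuer {seen_issuer}")
    if hops:
        client_issuer = hops[0].signing_ca
        if client_issuer not in client.trust_store:
            problems.append(f"{client.name} does not trust issuer {client_issuer}")
        if client.pins_certificate:
            problems.append(
                f"{client.name} pins the origin certificate; any re-signing "
                "breaks it, so it must be exempted from decryption"
            )
    return problems


def thread_topology(wsa_trusts_ftd=True, client_pins=False):
    """Constructed scenario matching the thread: browser -> WSA -> FTD -> Internet."""
    wsa = Hop("WSA", "WSA-CA", {"FTD-CA"} if wsa_trusts_ftd else set())
    ftd = Hop("FTD", "FTD-CA", {"PublicCA"})
    client = Client("Browser", {"WSA-CA"}, pins_certificate=client_pins)
    return client, [wsa, ftd]


if __name__ == "__main__":
    for label, kwargs in [("correct trust", {}),
                          ("WSA missing FTD-CA", {"wsa_trusts_ftd": False}),
                          ("pinned app", {"client_pins": True})]:
        client, hops = thread_topology(**kwargs)
        print(label, "->", check_decryption_chain(client, hops) or "OK")
```

Each device's trust store in the model stands for the CA certificate you would actually have to import on that device (the FTD's internal CA on the WSA, the WSA's CA on the clients); a non-empty problem list is the checklist of what is still missing before a pilot group would even get a page to load.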
04-16-2018 01:20 AM - edited 04-16-2018 01:34 AM
Thanks Marvin.
BR,
Saad
04-16-2018 05:53 AM
I will provide you with my topology; please provide me with the steps of implementation of FTD transparent mode:
1. We have a Forcepoint Firewall, it is the gateway of the users, and it has two other zones for the WSA and ESA.
2. The outside interface connects to another UTM "Cisco ASA".
3. We need to put the FTD between the Forcepoint and the Cisco ASA in transparent mode, where we need this device to decrypt the whole Web and Email traffic and then inspect it.
Note: We will use FTD 2110.