September 26, 2019
In this video, Solutions Architect Doug McKillip talks about A10 SSL Insight’s Layer 2 deployment, how it works, and why it is important to have this capability.
My name is Doug McKillop. I’m a Solutions Architect with A10 Networks and today I’m briefly going to discuss our SSL Insight solution, commonly referred to as SSLi in a layer 2 deployment.
So, I’m going to briefly sketch what that looks like for you with an internet over here, firewall in front of it.
Then typically over here in the middle there’s going to be one or more security devices.
I’m purposely leaving some gaps and you’ll see why here in a second. Okay.
Then over on this side will be a client, local area network. And attached here would be PCs, mobile devices, as well as what’s called The Internet of Things.
So, the advantage of a layer 2 SSL decryption solution is that I can put right in the middle here a decryption appliance and that same appliance can be put out here to re-encrypt.
Now, the reason we say layer 2 is because these PCs will have this firewall as their default gateway.
And as their default gateway, the network team will be happy about that because they don’t need to make any changes to re-IP anything, change configuration of the local area network devices. So in a sense, what we’re doing is a drop-in solution, where SSL traffic here is going to get decrypted and then re-encrypted on this side.
Now, what about failover? What about redundancy? Simple.
Well, what we’ve got to do is add another SSL decryption device, which will be fed off a local area network into the security chain. Then once more this goes into a secondary firewall out to the internet.
That is an active firewall. That becomes a standby firewall. And now it is the firewall failover that’s essentially a high availability of a link between the two that dictates the path that the traffic takes.
To complete the picture, actually, what I need to draw here is a re-encrypt portion of the same appliance that was used to decrypt. So we’re feeding into the security device chain, going over here, to the firewall.
And now we have a path here, the top … a path here at the bottom for high availability in a layer 2 drop-in.
Thank you for your attention.