GOLD - Deep Packet Inspection / How to access the Packet Data Uploaded for inspection?

Follow

Firewall Guy

• March 10, 2021 13:05

Hello, 

I'm interested in the subject of Deep Packet Inspection, how do we access the Packet Data Uploaded to review what is being transferred / uploaded?

Some pointers would be appreciated.

 

1

• 

  Firewalla

  • March 10, 2021 17:45

  Since most packets are encrypted, there is no point in looking into the packet. (even if there is no encryption, understanding network packets is NOT easy)  The network flow on the other hand is on the app.  

  0

  Comment actions Permalink
• 

  Firewall Guy

  • March 10, 2021 18:57

  Hello Firewalla Team, 

  Can the GOLD box help me get the unencrypted packets to 'somewhere' so I can play around, or is this beyond the GOLD box?

  Is there any custom app that can be installed on the docker to transfer the packets to 'somewhere'?

  Thanks in advance.

  Donald

  0

  Comment actions Permalink
• 

  Firewalla

  • March 10, 2021 20:11

  This is beyond the Gold box ... for the decryption to happen, you will need two things

  1. Insert a certificate signed by firewalla to your devices

  2. Firewalla plays a man in the middle using the cert keys from (1).

  Now, (1) is only possible if you have access to the operating system.  (2) is fairly mechanical.   Now doing this will break the end-to-end trust for HTTPS, which we (our team) do not feel the average consumer have the knowledge of messing around with certificates effectively.  

   

  1

  Comment actions Permalink
• 

  Matt Gilg

  • January 18, 2022 12:47

  Possible to enable something like this per-device in the future? Useful for home workstations, not so useful for a chromecast. Does the gold possess the required hardware to get ssl decrypt done? I'm on the fence between fortinet 40F and this, and the firewalla convenience features are very nice.

  0

  Comment actions Permalink

Please sign in to leave a comment.