bypass SSL for some domains?
Hi there,
Is it possible to have certain domains be added to a bypass SSL list? Some Apple and Microsoft URL's do not like packet inspection impacting certs(viewed as a man in the middle threat), and it would be cool to have high bandwidth sites like Netflix bypassed.
-
No issues yet, I just ordered the gold today. :-) So you don't insert an intermediate cert? At my work, we had some issues with sites like apple.com when doing ssl inspection. I also figured you could save some workload on the firewalla gold by having high bandwidth traffic like netflix or youtube bypassed in ssl inspection.
-
We do not do ssl proxy ... or ssl man in the middle
This is something that probably only makes sense to be done in an enterprise; where the boss can add a cert to your device and then another one in the bigger firewalls, this way, the bigger firewall can unwrap the https sessions.
None of the firewalla product does this type of inspection. We feel it is just dangerous to mess around with encryption; and it is more dangerous if there is no Information Security people around managing ...
Please sign in to leave a comment.
Comments
9 comments