Included IP Ranges and Ports
You must configure the NBA to decode SSL traffic using specific IP ranges and ports. You specify these IP ranges and ports when you set up your network filters. Any SSL traffic using other IP addresses or ports is not decoded.
We recommend that you target SSL decoding at IP address ranges and ports where you expect to see SSL traffic that can be decrypted. For example, many client computers use ports 80/443 for HTTPS and ports 25/465/587 for SMTPS, so you need to target these IP address ranges and ports. Other applications may use different ports. For example, Forefront TMG, a Microsoft threat management product, uses ports in the range 25,000 to 50,000. Your network administrators can provide you with the IP ranges and ports that you must target when decoding encrypted SSL traffic.
You may also want to specify IP addresses or port numbers where SSL traffic is not typically expected but where you need to detect any SSL traffic that does occur.
Excluded IP Ranges and Ports
After choosing which IP ranges and ports you want to monitor for SSL traffic, you can exclude certain addresses or ports from decoding. For example, if you have included SSL traffic from IP range 10.20.0.0/16, you can exclude SSL traffic from a specific address within this range, such as 10.20.0.12.
Exclusions from SSL decoding are necessary when:
Excluded Domains
You can also specify exclusions based on DNS names. If an SSL connection is made to a server with a matching domain name, the connection is not decoded.
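The include and exclude rules described above can be checked against a planned filter set before it is entered in the product. The following Python model is an added example, not code from the NBA or from CA. It assumes that a connection must match both an included range and an included port, that any exclusion overrides an inclusion, and that an excluded domain matches the exact name or any subdomain; the filter values and the function name `decode_decision` are constructed for illustration.

```python
import ipaddress

# Constructed sample filter set. Ranges and ports follow the examples in the
# text; the excluded domain is a placeholder.
INCLUDED_RANGES = ["10.20.0.0/16"]
INCLUDED_PORTS = [(80, 80), (443, 443), (25, 25), (465, 465), (587, 587),
                  (25000, 50000)]
EXCLUDED_RANGES = ["10.20.0.12/32"]
EXCLUDED_PORTS = []
EXCLUDED_DOMAINS = ["bank.example"]


def _in_ranges(ip, cidrs):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)


def _in_ports(port, spans):
    return any(lo <= port <= hi for lo, hi in spans)


def _domain_excluded(name, domains):
    # Assumption: a name matches an excluded domain exactly or as a subdomain.
    if not name:
        return False
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in domains)


def decode_decision(ip, port, server_name=None):
    """Return (decoded, reason) for one SSL connection (hypothetical model)."""
    if not (_in_ranges(ip, INCLUDED_RANGES) and _in_ports(port, INCLUDED_PORTS)):
        return False, "not in included ranges/ports"
    if _in_ranges(ip, EXCLUDED_RANGES):
        return False, "excluded address"
    if _in_ports(port, EXCLUDED_PORTS):
        return False, "excluded port"
    if _domain_excluded(server_name, EXCLUDED_DOMAINS):
        return False, "excluded domain"
    return True, "decoded"


if __name__ == "__main__":
    # Constructed sample connections: (address, port, server name)
    for conn in [("10.20.0.5", 443, "intranet.example"),
                 ("10.20.0.12", 443, None),
                 ("10.20.3.9", 30000, "www.bank.example"),
                 ("192.168.1.4", 443, None)]:
        print(conn, decode_decision(*conn))
```

Running a list of representative connections through the model shows which traffic a filter set leaves undecoded, which is useful for confirming that an exclusion does not remove more than intended.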
Copyright © 2014 CA.
All rights reserved.