Tls Termination - D-Link NetDefendOS User Manual

certificate and continue.
Advantages of Using NetDefendOS for TLS Termination
TLS can be implemented directly in the server to which clients connect, however, if the servers
are protected behind a NetDefend Firewall, then NetDefendOS can take on the role of the TLS
endpoint. NetDefendOS then performs TLS authentication, encryption and unencryption of data
to/from clients and the transfer of unencrypted data to/from servers. The advantages of this
approach are:
• TLS support can be centralized in the NetDefend Firewall instead of being set up on
individual servers.
• Certificates can be managed centrally in the NetDefend Firewall instead of on individual
servers. Unique certificates (or one wildcard certificate) does not need to be present on each
server.
• The encryption/decryption processing overhead required by TLS can be offloaded to the
NetDefend Firewall. This is sometimes referred to as SSL acceleration. Any processing
advantages that can be achieved can, however, vary and will depend on the comparative
processing capabilities of the servers and the NetDefend Firewall.
• Decrypted TLS traffic can be subject to other NetDefendOS features such as traffic shaping or
looking for server threats with IDP scanning.
• TLS can be combined with NetDefendOS server load balancing to provide a means to spread
traffic across servers.
Enabling TLS
The steps to take to enable TLS in NetDefendOS are as follows:
1. Upload the host and root certificates to be used with TLS to NetDefendOS if not done
already.
2. Define a new TLS ALG object and associate the appropriate host and root certificates with
Figure 6.8. TLS Termination
501
Chapter 6: Security Mechanisms