Configuring Intrusion Detection and Prevention Devices Guide
Enabling SSL Decryption
You can enable inspection of SSL traffic by first adding keys for the target SSL servers
to the IDP keystore and then enabling the IDP SSL decryption feature.
For an overview of the IDP SSL decryption feature and lists of supported encryption
algorithms and SSL ciphers, see the IDP Concepts & Examples Guide.
To add keys for target SSL servers to the IDP keystore:
1. Use SCP or FTP to copy your private key file to the IDP device. IDP does not run an
   FTP server, so you have to initiate the FTP session from the IDP device.
2. Add the key to the IDP keystore.
3. Retrieve the key ID from the IDP keystore.
4. Add any other servers that use the same key.
To enable SSL decryption:
1. In the NSM Device Manager, double-click the IDP device to display the device
   configuration editor.
2. Click Sensor Settings.
3. Click the Run-Time Parameters tab.
4. Expand the Run-Time Parameters group.
5. Select Enable SSL decryption support.
6. Click OK.
Enabling GRE Decapsulation
To enable GRE decapsulation:
1. In the NSM Device Manager, double-click the IDP device to display the device
   configuration editor.
2. Click Sensor Settings.
3. Click the Run-Time Parameters tab.
4. Expand the Run-Time Parameters group.
5. Select Enable GRE decapsulation support.
6. Click OK.
Copyright © 2010, Juniper Networks, Inc.