For proxying connections embedded in TLS, a properly configured proxy for the embedded protocol is required. The best way is to derive your own proxy class and modify its parameters, but you can use a built-in proxy (for example, the HttpProxy for HTTPS traffic) if its default behavior is acceptable for you. The TLS framework validates the certificate of the server, decrypts the secure channel, then passes the data to the proxy. To transfer traffic that does not have a native proxy, or to inspect only the TLS connection without analyzing the embedded protocol, use PlugProxy.
For details on deriving and modifying proxies, see Section 6.6, Proxy classes in Proxedo Network Security Suite 2 Administrator Guide.
The following procedure describes how to configure Application-level Gateway proxies to handle TLS connections. For the configuration examples, an Http proxy will be used to inspect HTTPS connections — you can use other proxies similarly to inspect IMAPS, POP3S, and other types of traffic.
© 2021 BalaSys IT Security.