High Availability Support for Decrypted Sessions
High Availability (HA) syncs are supported for inbound, decrypted SSL sessions, if the sessions were established using non-PFS key exchange algorithms. When a failover occurs, the passive device continues to inspect and enforce the decrypted traffic.
HA syncs are not supported for:
- decrypted SSL sessions (both inbound and outbound) that were established using PFS key exchange algorithms
- decrypted, outbound SSL sessions using non-PFS key exchange algorithms
In these cases, when a failover occurs, the passive device allows transferred sessions without decrypting them. New sessions will then continue to be decrypted based on your decryption policy.
The following table details HA support for decrypted sessions:

| | PFS Protected Session | Non-PFS Protected Session |
|---|---|---|
| Inbound SSL Session (Inbound Inspection Decryption) | No HA Sync | HA Sync |
| Outbound SSL Sessions (SSL Forward Proxy Decryption) | No HA Sync | No HA Sync |
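To estimate how much traffic would pass uninspected after a failover, the rules above can be applied to a list of current decrypted sessions. The following is an added example, not vendor code: the CSV layout, column names, and function names are assumptions, and the sample rows are constructed.

```python
import csv
import io

# Constructed sample: one row per decrypted session. The columns are an
# assumed export layout, not a firewall log format.
SAMPLE = """direction,cipher_suite
inbound,TLS_RSA_WITH_AES_128_GCM_SHA256
inbound,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
outbound,TLS_RSA_WITH_AES_256_CBC_SHA
outbound,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
inbound,TLS_AES_128_GCM_SHA256
"""

def is_pfs(suite):
    """True when the suite implies an ephemeral (EC)DHE key exchange."""
    name = suite.strip().upper()
    if "_WITH_" not in name:
        # TLS 1.3 suite names omit the key exchange; full TLS 1.3
        # handshakes always use ephemeral (EC)DHE, so treat them as PFS.
        return True
    # Match whole tokens so static DH / ECDH suites are not counted as PFS.
    tokens = name.split("_WITH_")[0].split("_")
    return "DHE" in tokens or "ECDHE" in tokens

def synced_on_failover(direction, suite):
    """HA sync applies only to inbound sessions with a non-PFS key exchange."""
    return direction.strip().lower() == "inbound" and not is_pfs(suite)

def audit(text):
    """Return (direction, suite, synced) for every session row."""
    rows = csv.DictReader(io.StringIO(text))
    return [(r["direction"], r["cipher_suite"],
             synced_on_failover(r["direction"], r["cipher_suite"]))
            for r in rows]

def undecrypted_after_failover(text):
    """Sessions the passive device would allow without decrypting."""
    return [(d, s) for d, s, synced in audit(text) if not synced]

if __name__ == "__main__":
    for direction, suite, synced in audit(SAMPLE):
        state = "still decrypted" if synced else "allowed without decryption"
        print(f"{direction:9} {suite:40} {state}")
```
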