ScreenOS Firewalls (NOT SRX)

Can I see the encrypted traffic through the firewall?

03-05-2009 06:17 AM

Hi Everybody

I'm trying to find out whether it's possible to see the encrypted traffic on the Juniper ISG 2000.

If it is possible, how can I see it?


Re: Can I see the encrypted traffic through the firewall?

03-05-2009 06:50 AM

If you mean can you see it as decrypted traffic - No (that's why it is encrypted).

If you mean can you see it as a stream of encrypted traffic - Yes (that's what hackers/crackers try to break).


Re: Can I see the encrypted traffic through the firewall?

03-06-2009 03:28 PM
Actually, for the ISG platform you may not even be able to see the encrypted traffic itself, as this is handled in hardware. You will not be able to see it even in the debugs.
**** Please click the "Accept as Solution" button if my post helped to solve your problem ****

Re: Can I see the encrypted traffic through the firewall?

03-09-2009 03:07 AM
Good point, WL.

Re: Can I see the encrypted traffic through the firewall?

03-09-2009 07:14 AM

Even if you are able to see the traffic, it will be cipher-text. I wonder why you require this? Is it a POC for a customer?

Regards

Farrukh Haroon


Re: Can I see the encrypted traffic through the firewall?

03-12-2009 10:30 AM

MuggsyO,

If the encrypted traffic is terminated on the ISG-2000, you can stop the security device from creating a hardware session for specific traffic via the CLI command "set no-hw-sess" under the policy, for troubleshooting purposes. This is supported since ScreenOS 6.1.

In addition to that, you can use flow and snoop filters on tunnel traffic since ScreenOS 6.2.

Hope this helps.

Cesar

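To make Cesar's answer concrete, here is an added ScreenOS CLI walkthrough that is not part of the thread and not Juniper's documentation. It strings together the two things his post names: disabling the hardware session for one policy with "set no-hw-sess" (ScreenOS 6.1 and later) and then scoping a flow debug and a snoop capture with filters (tunnel traffic from ScreenOS 6.2). Policy id 10 and the addresses 10.1.1.10 and 192.168.50.20 are constructed placeholders, the lines starting with "#" are annotations rather than commands (ScreenOS has no comment syntax), and the "unset no-hw-sess" revert step is an assumption to verify on your own release.

```screenos
# Added example, constructed for illustration; policy id and addresses are placeholders.

# 1. Confirm which policy carries the VPN traffic that terminates on this ISG.
get policy id 10

# 2. Enter the policy context and disable hardware (ASIC) sessions for it,
#    so its packets are processed by the CPU and become visible to debugs.
set policy id 10
set no-hw-sess
exit

# 3. Narrow the debug to one host pair with a flow filter, clear the debug
#    buffer, and start a basic flow debug.
set ffilter src-ip 10.1.1.10 dst-ip 192.168.50.20
clear dbuf
debug flow basic

# ... generate a few test packets from 10.1.1.10 towards 192.168.50.20 ...

# 4. Stop debugging and read the captured flow trace from the buffer.
undebug all
get dbuf stream

# 5. Optionally capture the packets themselves with a snoop filter.
snoop filter ip src-ip 10.1.1.10
snoop
# ... send test traffic again ...
snoop off
get dbuf stream

# 6. Clean up: remove the filters and restore hardware sessions for the policy.
unset ffilter
snoop filter delete
set policy id 10
unset no-hw-sess
exit
```

Two caveats follow directly from the thread. First, what you see in clear text is only traffic for tunnels the ISG terminates; encrypted traffic that merely passes through the box shows up as ciphertext whether or not it is pushed to the CPU. Second, "set no-hw-sess" moves every session of that policy off the ASIC, so apply it to the narrowest policy that matches the traffic you are troubleshooting and revert it once you have the debug output.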

Re: Can I see the encrypted traffic through the firewall?

03-14-2009 04:04 PM

Hi Cesar,

I thought you could also force transit traffic to go over the CPU and debug it, not only terminated traffic?

best regards,

Screenie.
Juniper Ambassador,
JNCIA IDP AC WX JNCIS FW SSL JNCIP SEC ENT SP JNCI

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.

Re: Can I see the encrypted traffic through the firewall?

03-16-2009 12:33 AM

Screenie,

You are right, you can also send pass-through traffic to the CPU via "set no-hw-sess", but the box will not decrypt encrypted pass-through traffic.

Cesar

Re: Can I see the encrypted traffic through the firewall?

03-16-2009 02:14 AM

Thanks for your answer, Cesar. Of course you can't decrypt the traffic when it's transit. I just wanted to make sure I didn't have it wrong on the debug feature on ISGs. Thanks again.

best regards,

Screenie.