<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p><br>
</p>
<div class="moz-cite-prefix">On 7/24/19 09:16, Kenny Taylor wrote:<br>
</div>
<blockquote type="cite"
cite="mid:BYAPR11MB3574BF16EE07B2C8FF460D0BEBC60@BYAPR11MB3574.namprd11.prod.outlook.com">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal">Good morning,<o:p></o:p></p>
<p class="MsoNormal"><o:p>�</o:p></p>
<p class="MsoNormal">I hate to pull away from the 44/8 fire
(KJ6BSQ here, and former AMPRnet user), but I�d like to get
some advice from the community on traffic visibility tools..<o:p></o:p></p>
<p class="MsoNormal"><o:p>�</o:p></p>
<p class="MsoNormal">We use a pair of appliances called Exinda
for traffic shaping and visibility.� The current appliances
are end-of-support and the replacements are hugely expensive
after GFI acquired Exinda.� Traffic shaping is less of a
concern now, as circuit speeds have caught up with our users,
but visibility is still a big need.� Those boxes do two things
very well:� 1) identification of FQDNs using SSL cert
inspection on HTTPS traffic and 2) categorization of the
traffic (i.e. Netflix, Youtube, etc.).� We have Netflow
monitoring using PRTG, but seeing something like
�ec2-34-214-76-39.us-west-2.compute.amazonaws.com� in Netflow
logs isn�t very useful.<o:p></o:p></p>
</div>
</blockquote>
tls 1.3 encrypted SNI� or QUIC and then DOH will eventually make
https opaque. Whether this is soon or not I guess is an open
question but passive inspection will probably become less useful
over time. it seems likely to cause industry / monitoring product
change as well.<br>
<blockquote type="cite"
cite="mid:BYAPR11MB3574BF16EE07B2C8FF460D0BEBC60@BYAPR11MB3574.namprd11.prod.outlook.com">
<div class="WordSection1">
<p class="MsoNormal">We�re looking for something that could sit
either inline or hang off a SPAN port, handle 5-10 Gbit of
traffic, do the SSL cert FQDN identification, and preferably
group results by site/subnet/category.� What would you guys
recommend?<o:p></o:p></p>
<p class="MsoNormal"><o:p>�</o:p></p>
<p class="MsoNormal">Thanks,<o:p></o:p></p>
<p class="MsoNormal"><o:p>�</o:p></p>
<p class="MsoNormal">Kenny Taylor<o:p></o:p></p>
<p class="MsoNormal">WAN Engineer<o:p></o:p></p>
<p class="MsoNormal">Kern Community College District<o:p></o:p></p>
<p class="MsoNormal"><o:p>�</o:p></p>
</div>
</blockquote>
</body>
</html>