<div dir="auto">Are you really suggesting decrypting customer traffic? In most parts of the world that act falls in one of two categories: it is either required by law or it is illegal. <div dir="auto"><br></div><div dir="auto">Offer your customers a good virus scanner to install instead.</div><div dir="auto"><br></div><div dir="auto">Regards </div><div dir="auto"><br></div><div dir="auto">Baldur </div><div dir="auto"><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">fre. 9. okt. 2020 21.27 skrev Christopher J. Wolff <<a href="mailto:cjwolff@nola.gov">cjwolff@nola.gov</a>>:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="m_-4010339947753235951WordSection1">
<p class="MsoNormal">Dear Nanog;<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Hope everyone is getting ready for a good weekend. I’m working on a greenfield service provider network and I’m running into a security challenge. I hope the great minds here can help.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Since the majority of traffic is SSL/TLS, encrypted malicious content can pass through even an “NGFW” device without detection and classification.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Without setting up SSL encrypt/decrypt through a MITM setup and handing certificates out to every client, is there any other software/hardware that can perform DPI and/or ssl analysis so I can prevent encrypted malicious content from being
downloaded to my users?<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Have experience with Palo and Firepower but even these need the MITM approach. I appreciate any advice anyone can provide.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Best,<u></u><u></u></p>
<p class="MsoNormal">CJ<u></u><u></u></p>
</div>
</div>
</blockquote></div>