Encrypted data and VPN in the eye of firewalls
binarysoul
Member Posts: 993
in Off-Topic
Can somebody please explain how stateful firewalls, e.g. CheckPointa and Pix deal with encrypted payload and VPN connections? I don't know a lot about IPsec, but what happens when an IPsec packet arrives at the firewall? Given the firewall can't decrypt the data, how can it know wheter it's good or malicious?
Comments
-
dtlokee Member Posts: 2,378 ■■■■□□□□□□That would really depend on the type of encrypted data. If it has an additional L3 + L4 header they can see the outer header but not the encrpyted contents, this is one way of traversing encrypted data through a NAT device. If there is only an additional L3 header (like ESP + AH) then the firewall can only work on the L3 information, but this type of connection will fail if the firewall is using overlaoded NAT or PAT. In the case of HTTPS there are proxy devices that can intercept the negotitation of the connection and create the encrypted session on behalf of the client. This will lead to the data not being encrypted within the proxy therefore open to stateful inspection.
These are some of the situations you may run into.The only easy day was yesterday!