Are you really suggesting decrypting customer traffic? In most parts of the world that act falls in one of two categories: it is either required by law or it is illegal.
Offer your customers a good virus scanner to install instead.

Regards

Baldur

Fri, 9 Oct 2020 at 21:27, Christopher J. Wolff <cjwo...@nola.gov> wrote:

> Dear Nanog;
>
> Hope everyone is getting ready for a good weekend. I’m working on a
> greenfield service provider network and I’m running into a security
> challenge. I hope the great minds here can help.
>
> Since the majority of traffic is SSL/TLS, encrypted malicious content can
> pass through even an “NGFW” device without detection and classification.
>
> Without setting up SSL encrypt/decrypt through a MITM setup and handing
> certificates out to every client, is there any other software/hardware that
> can perform DPI and/or ssl analysis so I can prevent encrypted malicious
> content from being downloaded to my users?
>
> Have experience with Palo and Firepower but even these need the MITM
> approach. I appreciate any advice anyone can provide.
>
> Best,
>
> CJ