Ssl proxy mode, Serveriron adx ssl, Figure sho – Brocade Communications Systems ServerIron ADX 12.4.00a User Manual

138

ServerIron ADX Security Guide

53-1002440-03

SSL acceleration on the ServerIron ADX

6

SSL Proxy Mode

In full SSL proxy mode, a ServerIronADX maintains encrypted data channels with the client and
server. The ServerIronADX maintains an SSL session with the client and a separate one with the
server. This maintains total SSL security between client and server.

This is useful in a configuration where you want to maintain full SSL security between a client and
server and also have the ServerIronADX perform L7 processing and security to application traffic.
This works because after the SSL connection is terminated at the ServerIronADX and before it
enters the SSL connection with the server, it is in clear-text within the ServerIronADX where it can
be subject to L7 inspection.

Figure 10 shows the basic topology for a configuration of the full SSL proxy mode.

FIGURE 10

ServerIron ADX SSL Proxy

ServerIron ADX SSL

This section describes the SSL features used in configuration of a ServerIron ADX for SSL
acceleration.

ServerIron

Real
Server

Client

SSL Termination on:

rs10 (10.1.1.20)

vip 10 (10.1.1.100

)

HTTP
Traffic

SSL
Traffic

(encrypted)

(unencrypted)

ServerIron

Real
Server

Client

rs10 (10.1.1.20)

SSL
Traffic

(encrypted)

SSL
Traffic

(encrypted)

SSL Proxy on:
vip7 (10.1.1.30)