[ScreenOS] Are Deep Inspection or Anti-virus able to scan HTTPS traffic?

Article ID: KB28090 KB Last Updated: 13 Sep 2013 Version: 1.0
Summary:

This article explains whether Deep Inspection (DI) and Anti-virus (AV) can inspect HTTPS traffic. Encrypted protocols cannot be inspected by DI or AV.

Symptoms:

Can Deep Inspection or Anti-virus mechanisms be used to detect HTTPS communication?

Cause:

Solution:

For HTTP traffic, DI scans the Layer 7 data (GET, POST, etc.) for attack patterns by comparing the data contained within the application service fields with the Attack Object Database's library of signatures. However, because the HTTPS payload is encrypted, the firewall cannot scan it. Encrypted protocols (HTTPS, SFTP, SSL, etc.) will not be inspected by DI or AV. Although there are some signatures for SSL, none of them scan encrypted traffic.
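The distinction above, as an added illustration (not Juniper code and not a description of how ScreenOS is implemented): a toy inspector that matches signatures against the fields of a cleartext HTTP request and, when handed a TLS record, can read only the cleartext record header. The signature names, patterns, function names and sample payloads are constructed for this example and are not entries from the Attack Object Database.

```python
import re

# Constructed signatures for illustration; not entries from the Attack Object Database.
SIGNATURES = {
    "uri": [("path-traversal", re.compile(rb"\.\./")),
            ("sql-keyword", re.compile(rb"(?i)union\s+select"))],
    "body": [("sql-keyword", re.compile(rb"(?i)union\s+select"))],
}
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HTTP_METHODS = (b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS")


def parse_tls_record(data):
    """Return (content_type, version, length) if data starts with a TLS record header."""
    if len(data) < 5 or data[0] not in TLS_CONTENT_TYPES or data[1] != 3:
        return None
    return TLS_CONTENT_TYPES[data[0]], (data[1], data[2]), int.from_bytes(data[3:5], "big")


def parse_http_request(data):
    """Split a cleartext HTTP request into the fields a signature can be bound to."""
    head, _, body = data.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n")[0].split(b" ")
    if len(parts) != 3 or parts[0] not in HTTP_METHODS:
        return None
    return {"method": parts[0], "uri": parts[1], "body": body}


def inspect(data):
    """Classify a client payload and match signatures only where fields are readable."""
    tls = parse_tls_record(data)
    if tls:
        return {"verdict": "not-inspected", "reason": "encrypted", "tls_record": tls[0], "hits": []}
    fields = parse_http_request(data)
    if fields is None:
        return {"verdict": "not-inspected", "reason": "unknown-protocol", "hits": []}
    hits = [(ctx, name) for ctx, sigs in SIGNATURES.items()
            for name, rx in sigs if rx.search(fields[ctx])]
    return {"verdict": "alert" if hits else "clean", "hits": hits}


# Constructed samples: one cleartext request, and a TLS application_data record
# whose 16-byte payload stands in for the ciphertext of a request.
CLEARTEXT = b"GET /cgi-bin/../../etc/passwd HTTP/1.1\r\nHost: example.test\r\n\r\n"
TLS_RECORD = bytes([23, 3, 3, 0, 16]) + bytes.fromhex("9f3c1ab7e04d5566a1b2c3d4e5f60718")
```

Calling `inspect(CLEARTEXT)` yields an alert on the URI field, while `inspect(TLS_RECORD)` reports the payload as not inspected because only the record type, version and length are readable.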
