Enabling Intrusion Detection and Prevention Processing of Encrypted and Encapsulated Traffic (NSM Procedure)

You can enable IDP processing of encrypted and encapsulated traffic through NSM.

  1. Enabling SSL Decryption
  2. Enabling GRE Decapsulation
  3. Enabling GTP Decapsulation

Enabling SSL Decryption

You can enable inspection of SSL traffic by first adding keys for the target SSL servers to the IDP keystore and then enabling the IDP SSL decryption feature.

For an overview of the IDP SSL decryption feature and lists of supported encryption algorithms and SSL ciphers, see the IDP Concepts & Examples Guide.

To add keys for target SSL servers to the IDP keystore:

  1. Use SCP or FTP to copy your private key file to the IDP device. IDP does not run an FTP server, so you have to initiate the FTP session from the IDP device.
  2. Add the key to the IDP keystore.
  3. Retrieve the key ID from the IDP keystore.
  4. Add any other servers that use the same key.

To enable SSL decryption:

  1. In the NSM Device Manager, double-click the IDP device to display the device configuration editor.
  2. Click Sensor Settings.
  3. Click the Run-Time Parameters tab.
  4. Expand the Run-Time Parameters group.
  5. Select Enable SSL decryption support.
  6. Click OK.

Enabling GRE Decapsulation

To enable GRE decapsulation:

  1. In the NSM Device Manager, double-click the IDP device to display the device configuration editor.
  2. Click Sensor Settings.
  3. Click the Run-Time Parameters tab.
  4. Expand the Run-Time Parameters group.
  5. Select Enable GRE decapsulation support.
  6. Click OK.

Enabling GTP Decapsulation

To enable GTP decapsulation:

  1. In the NSM Device Manager, double-click the IDP device to display the device configuration editor.
  2. Click Sensor Settings.
  3. Click the Run-Time Parameters tab.
  4. Expand the Run-Time Parameters group.
  5. Select Enable GTP decapsulation support.
  6. Click OK.
