Debunking Blue Coat Myth #6890 -- Application Layer Inspection of SSL Tunnels
A friend of mine told me the other day that a Blue Coat sales guy was trying to feed him a line about how the ISA Firewall was unable to perform application layer inspection on SSL connections and that only by buying a Blue Coat Web proxy could he get inspection of SSL tunnels.
My friend told the Blue Coat goon that this wasn't true -- that his ISA Firewall was able to perform SSL to SSL bridging for all his secure Web Publishing Rules. The Blue Coat guy told him that while the ISA Firewall could inspect inbound tunnels, it couldn't inspect outbound tunnels and he would need to pay a FAT premium in order to cover the margins the Blue Coat resellers get to in order to get outbound SSL to SSL bridging.
Needless to say, my friend was concerned, because the Blue Coat guy was right about the importance of outbound SSL inspection. He asked me if there was a way to get the ISA Firewall to support outbound SSL bridging, because while he didn't want to support the fat, padded margins the Blue Coat guys get, he did want the security that comes without outbound SSL tunnel inspection.
I told him not to worry, as the ISA Firewall does support outbound SSL tunnel inspection, and at a fraction of the price of a Blue Coat box. The answer is Collective Software's ClearTunnel product. ClearTunnel allows the ISA Firewall to perform application layer inspection on outbound SSL tunnels and it tightly integrated into the ISA Firewall's Web Proxy filter and Firewall core. With ClearTunnel you can:
- Inspect outbound SSL connections in the same way you can inspect HTTP connections
- Enforce HTTP Security Filter policies on all SSL connections
- Cache contents of outbound SSL connections -- significantly decreasing your overall bandwidth usage
- Expose the contents of SSL connections to any third party application layer inspection enhancer you have installed on the ISA Firewall
For more information about ClearTunnel, check out the Collective Software Web site at www.collectivesoftware.com And the next time the Blue Coat guy tries to feed you a load of bull, give him the boot and take the money you saved and buy yourself new car!