I'm reading reports stating that as much as 72% of Internet traffic is SSL encrypted. Aside from just having an effective endpoint security solution, deep packet inspection at the edge is a critical function of modern firewalls. Where does the release of hardware and OS supporting DPI on the Meraki platform sit on the product roadmap?
Thank you!
You mean this: https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/HTTPS_Inspection ??
It's in beta now. Call support and request it be enabled.
This is great. I imagine that turning this on severely impacts performance as it does with every firewall. It makes me wonder if Meraki has some higher-performance MX models coming out to meet that challenge in the enterprise.
>I imagine that turning this on severely impacts performance as it does with every firewall.
Basically you take a 90% performance hit. It turns a 1Gb/s MX into a 100Mb/s MX.
You can use group policy to selectively apply it to only certain clients to alleviate this somewhat.
These are the instructions for configuring TLS decryption.
https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/HTTPS_Inspection
Thanks, Philip. I work in telecommunications, and we sell a lot of Meraki. I am finding a serious lack of DPI support here, and I am hoping to soon have an option for my more security-conscious customers. And hey, if they have information that important to protect, they will have the budget for a bigger firewall, so hopefully Meraki will follow the official release with something north of the MX450.
You can call support to enable beta characteristics.
Greetings.
DPI SSL is fast becoming an issue. The problem I see is that by inspecting SSL traffic you are actually breaking what SSL was designed for, which was to be encrypted traffic.
I would have also thought more than 90% of internet traffic would be SSL TBH.
@KrisWithaK wrote: I'm reading reports stating that as much as 72% of Internet traffic is SSL encrypted. Aside from just having an effective endpoint security solution, deep packet inspection at the edge is a critical function of modern firewalls. Where does the release of hardware and OS supporting DPI on the Meraki platform sit on the product roadmap?
I don't agree with you about the importance of TLS deep packet inspection. I explained why here: