Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Roadmap for SSL Deep Packet Inspection

KrisWithaK
Conversationalist
‎Jul 18 2019 12:43 PM
‎Jul 18 2019 12:43 PM

Roadmap for SSL Deep Packet Inspection

I'm reading reports stating that as much as 72% of Internet traffic is SSL encrypted.  Aside from just having an effective endpoint security solution, deep packet inspection at the edge is a critical function of modern firewalls.  Where does the release of hardware and OS supporting DPI on the Meraki platform sit on the product roadmap?

 

Thank you!

0 Kudos
Subscribe
7 Replies 7
jdsilva
Kind of a big deal
‎Jul 18 2019 12:57 PM
‎Jul 18 2019 12:57 PM

You mean this: https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/HTTPS_Inspection  ??

 

It's in beta now. Call support and request it be enabled.

http://blog.brokennetwork.ca | @jdsilva
0 Kudos
Subscribe
In response to jdsilva
KrisWithaK
Conversationalist
‎Jul 23 2019 12:37 PM
‎Jul 23 2019 12:37 PM

This is great.  I imagine that turning this on severely impacts performance as it does with every firewall.  It makes me wonder if Meraki has some higher-performance MX models coming out to meet that challenge in the enterprise. 

0 Kudos
Subscribe
In response to KrisWithaK
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jul 23 2019 12:40 PM
‎Jul 23 2019 12:40 PM

>I imagine that turning this on severely impacts performance as it does with every firewall.

 

Basically you take a 90% performance hit.  It turns a 1Gb/s MX into a 100Mb/s MX.

 

You can use group policy to selectively apply it to only certain clients to alievaite this somewhat.

 

This is the instructions for configuring TLS decryption.

https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/HTTPS_Inspection

0 Kudos
Subscribe
In response to PhilipDAth
KrisWithaK
Conversationalist
‎Jul 23 2019 12:58 PM
‎Jul 23 2019 12:58 PM

Thanks, Philip.  I work in telecommunications, and we sell a lot of Meraki.  I am finding a serious lack of DPI support here, and I am hoping to soon have an option for my more security-conscious customers.  And hey, if they have information that important to protect, they will have the budget for a bigger firewall, so hopefully Meraki will follow the official release with something north of the MX450.

0 Kudos
Subscribe
jillescas
Conversationalist
‎Jul 18 2019 1:56 PM
‎Jul 18 2019 1:56 PM

You can call support to enable beta caracteristics.

 

greetings.

0 Kudos
Subscribe
In response to jillescas
BlakeRichardson
Kind of a big deal
Kind of a big deal
‎Jul 18 2019 3:58 PM
‎Jul 18 2019 3:58 PM

DPI SSL is fast becoming an issue. The problem I see is by inspecting SSL traffic you are actually breaking what SSL was designed for which was to be encrypted traffic.

 

I would have also thought more than 90% of internet traffic would be SSL TBH.

btr.net.nz
0 Kudos
Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jul 18 2019 5:21 PM
‎Jul 18 2019 5:21 PM

@KrisWithaK wrote:

I'm reading reports stating that as much as 72% of Internet traffic is SSL encrypted.  Aside from just having an effective endpoint security solution, deep packet inspection at the edge is a critical function of modern firewalls.  Where does the release of hardware and OS supporting DPI on the Meraki platform sit on the product roadmap?

 

I don't agree with you about the important of TLS deep packet inspection.  I explained why here:

https://community.meraki.com/t5/Security-SD-WAN/MX-HTTPS-Inspection-Coming/m-p/45872/highlight/true#...

Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.