LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

What is TLS Decryption (SSL Forward Proxy) on a firewall, and why is it useful?

TLS Decryption is a "controlled MITM": the firewall terminates the client's TLS session, inspects the plaintext, then re-encrypts to the real server.

Firewall terminates the client TLS with a forged cert, opens its own TLS to the server, decrypts and re-encrypts.

* SSL Forward Proxy as a controlled MITM: decrypt-inspect-re-encrypt. *

Without it, the firewall sees only encrypted bytes for HTTPS traffic — it cannot do URL filtering, malware scanning, or content inspection on encrypted payloads. With SSL Forward Proxy, the FW becomes the man-in-the-middle on purpose.

How it works:

  1. Client requests https://example.com.
  2. Firewall intercepts, presents its own certificate to the client (signed by a CA the client trusts).
  3. Firewall opens a separate TLS session to the real server.
  4. FW decrypts → inspects → re-encrypts in both directions.

Why "controlled MITM":

  • An attacker doing this would be malicious — but here, the organization owns the FW and installed its CA on every client device, so the client trusts it.
  • Same cryptographic technique as a real attack — only the trust relationship makes it legitimate.

Tip: SSL Forward Proxy = legal MITM. Same break-and-inspect mechanism as mitmproxy/Burp Suite, just at the perimeter.

Go deeper:

From Quiz: INTROL / Firewall Advanced Lab (Lab 6) | Updated: Jul 05, 2026