1 / 25
Other keys: show •
Space: good •
1-4: rate •
0: skip •
5: flag •
6: invert
Question
What is TLS Decryption (SSL Forward Proxy) on a firewall, and why is it useful?
Answer
TLS Decryption is a "controlled MITM": the firewall terminates the client's TLS session, inspects the plaintext, then re-encrypts to the real server.
* SSL Forward Proxy as a controlled MITM: decrypt-inspect-re-encrypt. *
Without it, the firewall sees only encrypted bytes for HTTPS traffic — it cannot do URL filtering, malware scanning, or content inspection on encrypted payloads. With SSL Forward Proxy, the FW becomes the man-in-the-middle on purpose.
How it works:
- Client requests
https://example.com. - Firewall intercepts, presents its own certificate to the client (signed by a CA the client trusts).
- Firewall opens a separate TLS session to the real server.
- FW decrypts → inspects → re-encrypts in both directions.
Why "controlled MITM":
- An attacker doing this would be malicious — but here, the organization owns the FW and installed its CA on every client device, so the client trusts it.
- Same cryptographic technique as a real attack — only the trust relationship makes it legitimate.
Tip: SSL Forward Proxy = legal MITM. Same break-and-inspect mechanism as mitmproxy/Burp Suite, just at the perimeter.
Go deeper:
TLS termination proxy (Wikipedia) — explains the forward-proxy MITM pattern: a private CA installed on clients lets the proxy mint per-server certs on the fly.
or press any other key
Note saved — thanks!