Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Collective Software ClearTunnel SSL proxy
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Collective Software ClearTunnel SSL proxy - 7.Feb.2007 11:21:00 AM
|
|
|
mjgraves@tisecurity.
Posts: 41
Joined: 19.Jun.2006
Status: offline
|
I am looking into the Collective Software ClearTunnel SSL proxy product for ISA server. I need to inspect outbound HTTPS traffic.
Microsoft recommends this as an ISA add on.
Does anyone have any experience with this or can comment on it?
I am interested in testing it.
Thanks.
|
|
|
|
|
RE: Collective Software ClearTunnel SSL proxy - 20.Feb.2007 8:10:30 AM
|
|
|
tshinder
Posts: 47420
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi MJ,
I've been using it and haven't run into any problems. It does do what it says -- inspects content hidden inside SSL tunnels. Pretty nice software and not too difficult to configure.
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Collective Software ClearTunnel SSL proxy - 8.May2007 3:44:10 PM
|
|
|
gltrusty
Posts: 6
Joined: 12.Mar.2007
Status: offline
|
Tom's response is promising. We're looking into something like ClearTunnel as well. However, my company doesn't have a PKI in place just yet. Does anyone know of any tricks to make this work without a PKI?
|
|
|
|
|
RE: Collective Software ClearTunnel SSL proxy - 8.May2007 7:46:44 PM
|
|
|
tshinder
Posts: 47420
Joined: 10.Jan.2001
From: Texas
Status: offline
|
You don't need a full-on PKI infrastrucutre, you can setup a Certificate Server and issue the certificates and then deploy them to the clients.
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Collective Software ClearTunnel SSL proxy - 9.May2007 3:12:47 PM
|
|
|
gltrusty
Posts: 6
Joined: 12.Mar.2007
Status: offline
|
Thanks Tom, I think that would work as well. Our fear with that scenario is it may become overburdenson to manage the certs on our 10k dynamic clients. We really do need an enterprise PKI. Wouldn't it work if we used a cert that's already trusted by the clients, such as on from Verisign or Entrust, on the ClearTunnel server?
Thanks again for your help. This sites is invaluable!
Lee
|
|
|
|
|
RE: Collective Software ClearTunnel SSL proxy - 11.May2007 10:51:07 AM
|
|
|
tshinder
Posts: 47420
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Lee,
It should work fine with a commercial certificate. As long as the clients trust the cert presented by the ISA Firewall for the SSL connection, that's all that's required.
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Collective Software ClearTunnel SSL proxy - 11.May2007 3:04:34 PM
|
|
|
gltrusty
Posts: 6
Joined: 12.Mar.2007
Status: offline
|
Tom, thanks for confirming that for me. I appreciate your help.
Lee
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
