• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Collective Software ClearTunnel SSL proxy

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> HTTP Filtering >> Collective Software ClearTunnel SSL proxy Page: [1]
Login
Message << Older Topic   Newer Topic >>
Collective Software ClearTunnel SSL proxy - 7.Feb.2007 11:21:00 AM   
mjgraves@tisecurity.

 

Posts: 73
Joined: 19.Jun.2006
Status: offline
I am looking into the Collective Software ClearTunnel SSL proxy product for ISA server.  I need to inspect outbound HTTPS traffic.

Microsoft recommends this as an ISA add on.

Does anyone have any experience with this or can comment on it?

I am interested in testing it.

Thanks.
Post #: 1
RE: Collective Software ClearTunnel SSL proxy - 20.Feb.2007 8:10:30 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi MJ,

I've been using it and haven't run into any problems. It does do what it says -- inspects content hidden inside SSL tunnels. Pretty nice software and not too difficult to configure.

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to mjgraves@tisecurity.)
Post #: 2
RE: Collective Software ClearTunnel SSL proxy - 8.May2007 3:44:10 PM   
gltrusty

 

Posts: 9
Joined: 12.Mar.2007
Status: offline
Tom's response is promising.  We're looking into something like ClearTunnel as well.  However, my company doesn't have a PKI in place just yet.  Does anyone know of any tricks to make this work without a PKI?

(in reply to tshinder)
Post #: 3
RE: Collective Software ClearTunnel SSL proxy - 8.May2007 7:46:44 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
You don't need a full-on PKI infrastrucutre, you can setup a Certificate Server and issue the certificates and then deploy them to the clients.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to gltrusty)
Post #: 4
RE: Collective Software ClearTunnel SSL proxy - 9.May2007 3:12:47 PM   
gltrusty

 

Posts: 9
Joined: 12.Mar.2007
Status: offline
Thanks Tom, I think that would work as well.  Our fear with that scenario is it may become overburdenson to manage the certs on our 10k dynamic clients.  We really do need an enterprise PKI.  Wouldn't it work if we used a cert that's already trusted by the clients, such as on from Verisign or Entrust, on the ClearTunnel server?

Thanks again for your help.  This sites is invaluable!
Lee

(in reply to tshinder)
Post #: 5
RE: Collective Software ClearTunnel SSL proxy - 11.May2007 10:51:07 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Lee,

It should work fine with a commercial certificate. As long as the clients trust the cert presented by the ISA Firewall for the SSL connection, that's all that's required.

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to gltrusty)
Post #: 6
RE: Collective Software ClearTunnel SSL proxy - 11.May2007 3:04:34 PM   
gltrusty

 

Posts: 9
Joined: 12.Mar.2007
Status: offline
Tom, thanks for confirming that for me.  I appreciate your help.

Lee

(in reply to tshinder)
Post #: 7

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> HTTP Filtering >> Collective Software ClearTunnel SSL proxy Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts