HTTPS Inspection within Forefront Threat Management Gateway 2010

Tags:
Endpoint security
forefront threat management gateway
https inspection
Can you tell me about HTTPS inspection within Forefront Threat Management Gateway (TMG) 2010?

This question is from the Microsoft Live Chat which took place on July 13th.

Answer Wiki


Sure. You can use Forefront TMG to inspect inside outbound HTTPS traffic, to protect your organization from security risks such as:

- Viruses and other malicious content that could utilize Secure Sockets Layer (SSL) tunnels to infiltrate the organization undetected.
- Users who bypass the organization’s access policy by using tunneling applications over a secure channel (for example, peer-to-peer applications).

To provide HTTPS protection, Forefront Threat Management Gateway (TMG) acts as an intermediary, or a “man in the middle”, between the client computer that initiates the HTTPS connection, and the secure Web site. When a client computer initiates a connection to a secure Web site, Forefront TMG intercepts the request and does the following:

- Establishes a secure connection (an SSL tunnel) to the requested Web site and validates the site’s server certificate.
- Copies the details of the Web site’s certificate, creates a new SSL certificate with those details, and signs it with a Certification Authority certificate called the HTTPS inspection certificate.
- Presents the new certificate to the client computer, and establishes a separate SSL tunnel with it.

Because the HTTPS inspection certificate was previously placed in the client computer’s Trusted Root Certification Authorities certificate store, the computer trusts any certificate that is signed by this certificate. By cutting the connection and creating two secure tunnels, the Forefront TMG server can decrypt and inspect all communication between the client computer and the secure Web site during this session.
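
The trust relationship described in the answer above, reproduced as an added lab example (it is not part of the original answer and is not Forefront TMG code or configuration). It uses the `openssl` command line; the two CA names, the `www.example.test` subject and all function names are constructed for illustration. It shows that the certificate a client receives through an inspecting gateway keeps the site's subject but chains to the inspection CA, which is how an administrator can tell an inspected session from a direct one.

```bash
#!/usr/bin/env bash
# Added lab example. All CA names, subjects and files are constructed.
set -eu
work=$(mktemp -d); trap 'rm -rf "$work"' EXIT

# new_ca NAME CN: self-signed CA key and certificate.
new_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
    -keyout "$work/$1.key" -out "$work/$1.crt" 2>/dev/null
}

# issue_leaf NAME CA SUBJECT: new key pair, certificate for SUBJECT signed by CA.
issue_leaf() {
  openssl req -new -newkey rsa:2048 -nodes -subj "$3" \
    -keyout "$work/$1.key" -out "$work/$1.csr" 2>/dev/null
  openssl x509 -req -in "$work/$1.csr" -CA "$work/$2.crt" -CAkey "$work/$2.key" \
    -CAcreateserial -days 30 -out "$work/$1.crt" 2>/dev/null
}

# name_of FIELD NAME: subject or issuer of a certificate in RFC 2253 form.
name_of() {
  openssl x509 -in "$work/$2.crt" -noout "-$1" -nameopt RFC2253 | sed "s/^$1= *//"
}

# trusted_by LEAF ROOT: succeeds if LEAF verifies with ROOT as the trusted CA file.
trusted_by() { openssl verify -CAfile "$work/$2.crt" "$work/$1.crt" >/dev/null 2>&1; }

# path_of LEAF: which root the certificate a client received chains to.
path_of() {
  if trusted_by "$1" inspection-ca; then echo inspected
  elif trusted_by "$1" public-ca; then echo direct
  else echo untrusted; fi
}

new_ca public-ca "Constructed Public CA"
new_ca inspection-ca "Constructed HTTPS Inspection CA"
# What the web site presents to the gateway.
issue_leaf origin public-ca "/CN=www.example.test"
# What the gateway presents to the client: same subject (a single CN here, so
# the RFC 2253 form can be reused directly), new key, signed by the inspection CA.
issue_leaf inspected inspection-ca "/$(name_of subject origin)"

for c in origin inspected; do
  printf '%-9s subject=%s issuer=%s path=%s\n' "$c" \
    "$(name_of subject "$c")" "$(name_of issuer "$c")" "$(path_of "$c")"
done
```

A client that does not have the inspection CA in its trusted roots rejects the re-signed certificate, which is why the inspection certificate has to be deployed to client trust stores before inspection is enabled.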
