1 answer
Hi,
Currently AWS Network Firewall does not support TLS decryption. This is why you cannot identify what app is running on port 443.
Reference: https://aws.amazon.com/network-firewall/faqs/
**Q: Can AWS Network Firewall inspect encrypted traffic?**
AWS Network Firewall does not currently support deep packet inspection for encrypted traffic. To work around this limitation, you can decrypt traffic using a Network Load Balancer (NLB) before sending it to an AWS Network Firewall endpoint. Also, for HTTPS traffic, AWS Network Firewall can inspect the domain name provided by the Server Name Indicator (SNI) during the TLS handshake.
Best, Diego
It sometimes looks like this in the logs, when it seems to be the same session, where one record shows no app_proto, mostly the most recent log:

| timestamp | src_ip | src_port | dest_ip | proto | dest_port | app_proto | az |
|---|---|---|---|---|---|---|---|
| 2022-02-20T11:15:24.000 | 10.10.0.225 | 45214 | 32.24.176.158 | TCP | 443 | | eu-west-1a |
| 2022-02-20T11:15:24.000 | 10.10.0.225 | 45214 | 32.24.176.158 | TCP | 443 | tls | eu-west-1a |
| 2022-02-20T11:15:24.000 | 10.10.0.225 | 45214 | 32.24.176.158 | TCP | 443 | tls | eu-west-1a |
| 2022-02-20T11:15:24.000 | 10.10.0.225 | 45214 | 32.24.176.158 | TCP | 443 | tls | eu-west-1a |

And for some destinations it never gets the L7 protocol.
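As an added example (not code from the post, from Diego's answer, or from AWS), the Python below groups flow-log records by 5-tuple and reduces them to one L7 verdict per flow, so a single record with an empty app_proto is not read as "not TLS" when another record for the same flow reports tls, and it lists destinations for which no record ever carried an app_proto. The field names mirror the columns shown above; the sample records are constructed, and the second flow's destination (198.51.100.7, from the TEST-NET-2 documentation range) and its timestamps are made up.

```python
"""Reconcile AWS Network Firewall flow-log records into one L7 verdict per flow.

Added example; the records are constructed to mirror the columns in the post
(timestamp, src_ip, src_port, dest_ip, proto, dest_port, app_proto, az).
"""
import json
from collections import defaultdict


def _rec(ts, src_port, dest_ip, app_proto=None):
    """Build one constructed JSON log line; app_proto is omitted when None."""
    rec = {"timestamp": ts, "src_ip": "10.10.0.225", "src_port": src_port,
           "dest_ip": dest_ip, "proto": "TCP", "dest_port": 443, "az": "eu-west-1a"}
    if app_proto is not None:
        rec["app_proto"] = app_proto
    return json.dumps(rec)


# Constructed sample. Flow A (to 32.24.176.158) has one record without
# app_proto followed by three that say "tls". Flow B (to 198.51.100.7, a
# made-up address) never carries a non-empty app_proto.
SAMPLE_LOG_LINES = [
    _rec("2022-02-20T11:15:24.000", 45214, "32.24.176.158"),
    _rec("2022-02-20T11:15:24.000", 45214, "32.24.176.158", "tls"),
    _rec("2022-02-20T11:15:24.000", 45214, "32.24.176.158", "tls"),
    _rec("2022-02-20T11:15:24.000", 45214, "32.24.176.158", "tls"),
    _rec("2022-02-20T11:15:31.000", 45215, "198.51.100.7"),
    _rec("2022-02-20T11:15:31.000", 45215, "198.51.100.7", ""),
]


def flow_key(rec):
    """5-tuple that ties the records of one flow together."""
    return (rec["src_ip"], int(rec["src_port"]), rec["dest_ip"],
            int(rec["dest_port"]), rec["proto"])


def reconcile(lines):
    """Return {flow_key: {"records": n, "app_protos": [...], "verdict": str}}.

    A missing or empty app_proto on a record is treated as "not decided yet",
    not as a protocol in its own right; the flow is "unidentified" only when
    no record for it ever names a protocol.
    """
    flows = defaultdict(lambda: {"records": 0, "app_protos": set()})
    for line in lines:
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        entry = flows[flow_key(rec)]
        entry["records"] += 1
        proto = rec.get("app_proto")  # None or "" before the engine has decided
        if proto:
            entry["app_protos"].add(proto)

    summary = {}
    for key, entry in flows.items():
        protos = sorted(entry["app_protos"])
        if len(protos) == 1:
            verdict = protos[0]
        elif protos:
            verdict = "conflict:" + ",".join(protos)  # same 5-tuple, two protocols
        else:
            verdict = "unidentified"
        summary[key] = {"records": entry["records"], "app_protos": protos,
                        "verdict": verdict}
    return summary


def unidentified_destinations(summary):
    """dest_ip values whose flows were all left without an app_proto."""
    verdicts_by_dest = defaultdict(set)
    for key, info in summary.items():
        verdicts_by_dest[key[2]].add(info["verdict"])
    return sorted(ip for ip, v in verdicts_by_dest.items() if v == {"unidentified"})


if __name__ == "__main__":
    summary = reconcile(SAMPLE_LOG_LINES)
    for key, info in summary.items():
        print(key, info["records"], "records ->", info["verdict"])
    print("destinations never identified:", unidentified_destinations(summary))
```

Flows that end up "unidentified" are the ones worth a second look: no record shows the engine recognising a TLS handshake on them, so the SNI inspection the FAQ describes has nothing to match on for those flows.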