pfsense/haproxy/nginx linux AV scanner and TLS question LOL!


jcizzo

Member
Jan 31, 2023
Yeah, I figured that title would grab your attention.

I've been around here a while, but I'm still a noob, so go easy on me. I'm asking this bunch because folks here seem to be a bit kinder and more open to answering odd-ball questions, rather than answering back with the question "why would you do that??" like on other forums such as pfsense. So with that in mind, regardless of whether it's something any of you would do, I'm just trying to understand, if it's possible, how to do it.

As of now, the squid package is looking to be deprecated for the next release of pfsense, so there goes clamav and (from what I originally thought, but it seems that I might be wrong) a proxy package to do MITM TLS decryption for deep packet inspection.
From what I've been reading and from what ChatGPT tells me, this is not the case, as haproxy is very much able to perform full TLS termination, plus bridging, plus a few other things that I'm still trying to learn about.

My question(s) are as follows:
1) Is it possible to have haproxy terminate/decrypt SSL on the WAN, from there forward all traffic to an in-line Linux box (that has a full antivirus suite) for packet inspection, in which the traffic is then forwarded BACK to the pfsense box, and while all traffic is fully decrypted have it further scanned by suricata (or snort if that's your bag), and finally re-encrypted (either by haproxy or nginx) on the LAN interface to the clients?

It seems like it would be very much possible..

2) Would I have to install a cert on all client PCs? Or is this something that a WPAD/PAC setup could accomplish so that certs wouldn't be needed (because an auto-config setup would be best for phones and road-warrior laptops, for obvious reasons)? And yes, I'd prefer to have traffic that started out as encrypted be re-encrypted (like email and financial, etc.).

3) If I wanted EVERYTHING inspected, do I have to install multiple certs for different applications?

I sorta struggle with this because 1) I'm still trying to figure out the mechanics behind certs, and 2) I'm not sure how to articulate the specifics of my questions. I'd have to see it all drawn out as I ask said specifics, which I know is impossible on these forums.

Thanks for all your patience!
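As an added example (not from the original post), here is the HAProxy configuration shape for the terminate-and-re-encrypt step in question 1: TLS is terminated on the WAN-facing frontend with a certificate you hold for the published hostname, the decrypted stream is handed to the inspection backend over a fresh TLS session whose certificate is verified against a private CA, and an X-Forwarded-Proto header tells the backend the client arrived over HTTPS. The hostname, addresses and file paths are placeholders.

```haproxy
# Added example: WAN-side TLS termination with re-encryption toward an inspection backend.
# All hostnames, addresses and paths are placeholders.
global
    log /dev/log local0
    # Refuse anything older than TLS 1.2 on every bind line.
    ssl-default-bind-options ssl-min-ver TLSv1.2

defaults
    mode http
    log global
    option httplog
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend fe_wan_https
    # Terminate TLS with the cert+key bundle for the published hostname.
    bind :443 ssl crt /etc/haproxy/certs/www.example.com.pem
    # Let the backend know the original connection was HTTPS.
    http-request set-header X-Forwarded-Proto https
    default_backend be_inspection

backend be_inspection
    # Re-encrypt toward the in-line scanner and verify its certificate
    # against the private CA that issued it, so a swapped backend is rejected.
    server scanner 192.0.2.10:8443 ssl verify required ca-file /etc/ssl/certs/inspection-ca.pem
```

This pattern covers inbound connections to services whose certificates HAProxy holds; it does not decrypt clients' outbound traffic to third-party sites, which is the case where question 2's client-side certificate comes up.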