DataPower

Certificate Management for outbound service calls from DataPower to Cloud / 3rd Party Vendors requires a lot of effort and is prone to human error causing service outages.

We have been thinking about offloading certificate management to a Cloud Firewall that automatically filters web traffic.

The new pattern would be:  DataPower > Cloud Firewall > Cloud / 3rd Party Vendor service.  DataPower would validate the Cloud Firewall certificates.  The Cloud Firewall would handle validating all other certificates.

Has anyone tried this before?  Any Pros / Cons to consider?  

Thank you!

------------------------------
Tyler Nelson
Erie Insurance
------------------------------

I suspect the validation is on exact cert?  I also suspect this is for outbound from DataPower?

Looks, on the surface, to be a good plan.  Otherwise, you're in a nightmare validation scenario, unless, you decide to trust the Cloud/3rd Party issuers rather than exact cert (which, in itself, could be considered very risky).

My only question is, is the Cloud Firewall currently validating all other certificates ( I suspect so.. but... )

Certificate Management for outbound service calls from DataPower to Cloud / 3rd Party Vendors requires a lot of effort and is prone to human error causing service outages.

We have been thinking about offloading certificate management to a Cloud Firewall that automatically filters web traffic.

The new pattern would be:  DataPower > Cloud Firewall > Cloud / 3rd Party Vendor service.  DataPower would validate the Cloud Firewall certificates.  The Cloud Firewall would handle validating all other certificates.

Has anyone tried this before?  Any Pros / Cons to consider?  

Thank you!

Thanks for your input!

Yes, this is Outbound from DataPower and the Cloud Firewall is validating all other certificates.  

------------------------------
Tyler Nelson
Erie Insurance

Original Message:
Sent: Mon March 18, 2024 02:11 PM
From: Joseph Morgan
Subject: Offloading Certificate Management from DataPower to Cloud Firewall

I suspect the validation is on exact cert?  I also suspect this is for outbound from DataPower?

Looks, on the surface, to be a good plan.  Otherwise, you're in a nightmare validation scenario, unless, you decide to trust the Cloud/3rd Party issuers rather than exact cert (which, in itself, could be considered very risky).

My only question is, is the Cloud Firewall currently validating all other certificates ( I suspect so.. but... )

------------------------------
Joseph Morgan

Original Message:
Sent: Fri March 15, 2024 03:49 PM
From: Tyler Nelson
Subject: Offloading Certificate Management from DataPower to Cloud Firewall

Certificate Management for outbound service calls from DataPower to Cloud / 3rd Party Vendors requires a lot of effort and is prone to human error causing service outages.

We have been thinking about offloading certificate management to a Cloud Firewall that automatically filters web traffic.

The new pattern would be:  DataPower > Cloud Firewall > Cloud / 3rd Party Vendor service.  DataPower would validate the Cloud Firewall certificates.  The Cloud Firewall would handle validating all other certificates.

Has anyone tried this before?  Any Pros / Cons to consider?  

Thank you!

------------------------------
Tyler Nelson
Erie Insurance
------------------------------

What kind of error do you receive if the cloud firewall detects a bad (expired, revoked, whatever) certificate? 

Just a curiosity question.

Thanks for your input!

Yes, this is Outbound from DataPower and the Cloud Firewall is validating all other certificates.  

I suspect the validation is on exact cert?  I also suspect this is for outbound from DataPower?

Looks, on the surface, to be a good plan.  Otherwise, you're in a nightmare validation scenario, unless, you decide to trust the Cloud/3rd Party issuers rather than exact cert (which, in itself, could be considered very risky).

My only question is, is the Cloud Firewall currently validating all other certificates ( I suspect so.. but... )

Certificate Management for outbound service calls from DataPower to Cloud / 3rd Party Vendors requires a lot of effort and is prone to human error causing service outages.

We have been thinking about offloading certificate management to a Cloud Firewall that automatically filters web traffic.

The new pattern would be:  DataPower > Cloud Firewall > Cloud / 3rd Party Vendor service.  DataPower would validate the Cloud Firewall certificates.  The Cloud Firewall would handle validating all other certificates.

Has anyone tried this before?  Any Pros / Cons to consider?  

Thank you!