DataPower

  • 1.  Offloading Certificate Management from DataPower to Cloud Firewall

    Posted Fri March 15, 2024 03:50 PM

    Certificate Management for outbound service calls from DataPower to Cloud / 3rd Party Vendors requires a lot of effort and is prone to human error causing service outages.

    We have been thinking about offloading certificate management to a Cloud Firewall that automatically filters web traffic.

    The new pattern would be:  DataPower > Cloud Firewall > Cloud / 3rd Party Vendor service.  DataPower would validate the Cloud Firewall certificates.  The Cloud Firewall would handle validating all other certificates.

    Has anyone tried this before?  Any Pros / Cons to consider?  

    Thank you!



    ------------------------------
    Tyler Nelson
    Erie Insurance
    ------------------------------


  • 2.  RE: Offloading Certificate Management from DataPower to Cloud Firewall

    IBM Champion
    Posted Mon March 18, 2024 02:11 PM
    Edited by Kristen Park Tue March 19, 2024 10:14 AM

    I suspect the validation is on exact cert?  I also suspect this is for outbound from DataPower?

    Looks, on the surface, to be a good plan.  Otherwise, you're in a nightmare validation scenario unless you decide to trust the Cloud/3rd Party issuers rather than exact cert (which, in itself, could be considered very risky).

    My only question is, is the Cloud Firewall currently validating all other certificates? (I suspect so... but...)

    #IBMChampion

    ------------------------------
    Joseph Morgan
    ------------------------------



  • 3.  RE: Offloading Certificate Management from DataPower to Cloud Firewall

    Posted Mon March 18, 2024 02:49 PM

    Thanks for your input!

    Yes, this is Outbound from DataPower and the Cloud Firewall is validating all other certificates.  



    ------------------------------
    Tyler Nelson
    Erie Insurance
    ------------------------------



  • 4.  RE: Offloading Certificate Management from DataPower to Cloud Firewall

    IBM Champion
    Posted Mon March 18, 2024 02:59 PM
    Edited by Kristen Park Tue March 19, 2024 10:15 AM

    What kind of error do you receive if the cloud firewall detects a bad (expired, revoked, whatever) certificate? 

    Just a curiosity question.

    #IBMChampion



    ------------------------------
    Joseph Morgan
    ------------------------------



  • 5.  RE: Offloading Certificate Management from DataPower to Cloud Firewall

    Posted Mon March 18, 2024 03:27 PM

    From a browser, the Cloud Firewall returns a 403 error.  I would imagine that would be the same if the request was coming from DataPower, but we haven't tested it out yet.



    ------------------------------
    Tyler Nelson
    Erie Insurance
    ------------------------------