What kind of error do you receive if the cloud firewall detects a bad (expired, revoked, whatever) certificate?
Just a curiosity question.
Original Message:
Sent: Mon March 18, 2024 02:48 PM
From: Tyler Nelson
Subject: Offloading Certificate Management from DataPower to Cloud Firewall
Thanks for your input!
Yes, this is Outbound from DataPower and the Cloud Firewall is validating all other certificates.
------------------------------
Tyler Nelson
Erie Insurance
Original Message:
Sent: Mon March 18, 2024 02:11 PM
From: Joseph Morgan
Subject: Offloading Certificate Management from DataPower to Cloud Firewall
I suspect the validation is on exact cert? I also suspect this is for outbound from DataPower?
Looks, on the surface, to be a good plan. Otherwise, you're in a nightmare validation scenario, unless you decide to trust the Cloud/3rd Party issuers rather than exact cert (which, in itself, could be considered very risky).
My only question is: is the Cloud Firewall currently validating all other certificates? (I suspect so... but...)
------------------------------
Joseph Morgan
Original Message:
Sent: Fri March 15, 2024 03:49 PM
From: Tyler Nelson
Subject: Offloading Certificate Management from DataPower to Cloud Firewall
Certificate Management for outbound service calls from DataPower to Cloud / 3rd Party Vendors requires a lot of effort and is prone to human error causing service outages.
We have been thinking about offloading certificate management to a Cloud Firewall that automatically filters web traffic.
The new pattern would be: DataPower > Cloud Firewall > Cloud / 3rd Party Vendor service. DataPower would validate the Cloud Firewall certificates. The Cloud Firewall would handle validating all other certificates.
Has anyone tried this before? Any Pros / Cons to consider?
Thank you!
------------------------------
Tyler Nelson
Erie Insurance
------------------------------