The Netronome SSL Inspector™ is the industry’s highest-performance transparent proxy for Secure Sockets Layer (SSL) network communications, providing existing sniffing, recording and filtering security appliances with access to the decrypted plain text of SSL-encrypted flows.

This provides assurance that common threats, such as spam, spyware and viruses, data theft and other forms of cyber crime, are identified inside SSL flows that previously could not be examined by installed network and security appliances.

The Netronome SSL Inspector™ product line was designed to provide industry-leading SSL inspection at a fraction of the cost of other solutions. Without compromising any aspect of enterprise or government-regulated compliance, the Netronome SSL Inspector allows network security appliances to be deployed with the highest levels of flow analysis and SSL visibility while still maintaining multi-gigabit, line-rate network performance.

Beyond industry-defining performance, the Netronome SSL Inspector is the first transparent SSL proxy that both increases network security and significantly minimizes deployment and operational costs by removing costly user and network configuration.

Are You Aware of the Security Threats Hidden within Your Network?

Contact us today so we can show you how the SSL Inspector can quickly reveal hidden network security threats.

Resources

Questions? Call  1-805-277-2400

For more information, pricing, demonstration or evaluation on Netronome Systems Products please contact us here.

Security Appliances Don’t Have to be Blind to SSL Traffic

Improved Network Security and Compliance with Unparalleled Access to the Plain text of SSL Flows

Features and Benefits

The unique capabilities of the Netronome SSL Inspector remove risks arising from lack of visibility into SSL traffic while also increasing the performance of security and network appliances.

Line-rate Network Performance

Non-SSL flows can be sent to the adjacent appliance or cut-through in less than 40

microseconds, minimizing delay for applications, such as VoIP.

Supports proxying for up to 1 Gbps of SSL traffic for a variety of SSL versions and cipher suites.

Scalable Flow-based Processing

At up to 1 Gbps, the Netronome SSL Inspector supports the analysis of over 1,000,000 simultaneous flows.

High Connection Rate/Flow Count

The SSL Inspector supports 50,000 concurrently active

SSL sessions. The setup and tear down rate of 2,900 SSL sessions per second is 10x higher than other solutions

Network Transparency

The SSL Inspector can be deployed transparently to both end systems

and intermediate networking elements and does not require network configuration, IP addressing or topology changes, or modification to client IP and Web browser configurations.

Application Preservation

Intercepted plain text is delivered to security appliances as a regenerated TCP stream with the packet headers as they were received. This allows applications and appliances, such as IDS, IPS, UTM and Data Loss Prevention, to expand their scope to provide benefits for SSL encrypted traffic.

Flexibility

Supports both sniffing/recording devices like Intrusion Detection Systems (IDS) and filtering appliances, such as in-line firewalls, and Intrusion Prevention Systems (IPS).

In-line and passive modes of operation

Inbound and outbound SSL inspection

Policy Configuration

Fine-grained policy control provides the ability to cut-through non-SSL flows via 7 tuple classification and to control which SSL flows are inspected, passed through or blocked.

SSL Session Identification

The session log provides details of all SSL flows,inspected or not, allowing suspicious trends or patterns of SSL use to be detected.

SSL Policy Enforcement

Provides a single point to control usage of SSL throughout the enterprise.

High Availability

Integrated fail-to-wire/fail-to-open hardware, traffic by pass filters and configurable link state monitoring and mirroring for guaranteed network availability and network security.

Web-based Management

The SSL Inspector is configured and managed via an SSL-secured web-based graphical user interface, keeping administration simple.

E-mail Alerting

Logs can be configured to trigger alerts that can be forwarded via email immediately or at intervals to designated network administrators.

Security Functions

Encryption. . . . . . . . . . . . . . . . . . . . . . TLS1.0,TLS1.1, SSL3, partial SSL2

Proxy Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Transparent

Public Key Algorithms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . RSA, DSA, DH

Symmetric Key Algorithms. . . . . . . . . . . . . . . . . . . . AES, 3DES, DES, RC4

Hashing Algorithms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . MD5, SHA-1

RSA Keys. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512, 1024, 2048 bits

Modes of Operation

IDS Passive Mode

IDS In-line Mode

IPS In-line Fail–to-network Mode

IPS In-line Fail–to-appliance Mode

Proxying Modes

Controlled-Client (Resign) Mode (in-line only)

Controlled-Server (Key-Known) Mode

Performance

Throughput. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1Gbps (line-rate)

Cut-through Latency. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . <40μs

Total Flows. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1,000,000

SSL Flow Inspection Rate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30,000/sec.

Concurrent SSL Flow States. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50,000

SSL Flow Set ups/Tear downs. . . . . . . . . . . . . . . . . . . . . . . . . . . . 2,900/sec.

Traffic Diversion Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32,000

SSL Session Log Entries. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10,000,000

Specifications

Model Number . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . SI-8000

Netronome Flow Engine. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . NFE-i8000

Network Ports. . . . . . . . . . . . . . . . . . . . . . . . . Four Gigabit Ethernet ports

Media Types. . . . . . . . . . . . . . . . . . . . . . . . . . Twisted-pair copper or fiber

Port Speeds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1000Mbps

Connectors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . SFPs—RJ-45 or Duplex LC

Media. . . . . . . . . . . . . . . . . . . 1000 BaseT, CAT5 or better 1000 Base-SX

Data Storage. . . . . . . . . . 80GB SATA hard drive 32MB compact flash

Management Interfaces. . . . . . . . . . . . . . . . . 2x RJ-45 Gigabit Ethernet

Power. . . . . . . . . . . . . . . . . . . . . . . Two 430W redundant power supplies

High Availability . . . . . . . . . . . . . . . . 2x2 Fail-to-wire/fail-to-open card

(copper or optical interfaces)

MTBF. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30,000 Hours minimal at 25°C

Diagnostic LEDs. . . . . . . . . . . . . . . . . . . . . . . . Hard Drive Activity, Power, Fail-to-wire/open, and Link/Activity status LEDs

Display. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . LED 16x2 character display

Environmental

Operating Temperature. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 0°-40°C

Storage Temperature. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . –10-70°C

Physical Specifications

Height (inches/mm). . . . . . . . . . . . . . . . . . . . . 3.5 inches/88.9mm (2RU)

Width (inches/mm). . . . . . . . . . . . . . . . . . . . . . . . . 17.5 inches/444.5mm

Depth (inches/mm). . . . . . . . . . . . . . . . . . . . . . . . . 19.5 inches/495.3mm

Weight (lbs./kg). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 lbs./13.15kg

Regulatory and Environmental Standards Compliance

CE(EN55022, EN55024, EN60950), FCC part 15 class 2,

CSA22.2 #60950, UL65090-1