Traditionally, network managers have deployed best-of-breed, single-function security appliances to protect against attacks, intrusion and other threats. However, solutions such as WAF, NGFW, IDS/IPS and DDoS protection either lack the ability to decrypt and inspect SSL traffic – the majority of traffic today – or have built-in SSL resources that high volumes of SSL traffic can overwhelm, robbing processing cycles and impacting performance.
The AVX Series offers high-performance SSL processing hardware to help ensure robust throughput for security VAs. In addition, SSL decryption, load balancing and security VAs can be orchestrated into service chains to maximize the efficiency and effectiveness of individual point security products. In the example below, a virtual ADC decrypts SSL traffic, which is then passed through a virtual NGFW, a virtual IPS/IDS and a virtual TAP before being re-encrypted by a second virtual ADC and forwarded to its destination. In this way, each discrete security device is able to do what it does best, with the advantage of full visibility into SSL traffic and the benefit of pre-processing by other security VAs to provide higher-quality security services.