Security considerations in TLS inspection
You must carefully consider security precautions when using TLS Inspection.
The TLS communications mediated by the engine are decrypted for inspection, and the private keys of the servers are stored in the TLS Credentials elements on the Management Server. For this reason, the following recommendations are general guidelines for ensuring the security of the engine and the
Secure SD-WAN Manager:
- Run the Management Server on a hardened operating system.
- Disable SSH access to the engine’s command line if it is not needed regularly.
- Make sure that the engine’s Control IP address is in a protected network.
- Save Management Server backups as encrypted files.