By supporting the use of SSL certificates and keys, Silver Peak provides deduplication for Secure Socket Layer (SSL) encrypted WAN traffic:
n Silver Peak decrypts SSL data using the configured certificates and keys, optimizes the data, and transmits data over an IPSec tunnel. The peer Silver Peak appliance uses configured SSL certificates to re-encrypt data before transmitting.
n To see which SSL certificates exist on a specific appliance, you must access the appliance directly through the WebUI or the Command Line Interface (CLI).
• X509 Privacy Enhanced Mail (PEM), Personal Information Exchange (PFX), and RSA key 1024-bit and 2048-bit certificate formats.
• SAN (Subject Alternative Name) certificates. SAN certificates enable sharing of a single certificate across multiple servers and services.
• Protocol versions: SSLv3, SSLv3.3, TLS1.0, TLS1.1, TLS1.2
• Cipher algorithms: AES128, AES256, RC4, 3DES
• Digests: MD5, SHA1
• Configure the tunnels bilaterally for IPSec mode.
To do so, access the Tunnels template and for Mode, select ipsec.
• Verify that TCP acceleration and SSL acceleration are enabled.
To do so, access the Optimization Policies tab, and review the Set Actions.
n If you choose to be able to decrypt the flow, optimize it, and send it in the clear between appliances, then access the System template and select SSL optimization for non-IPsec tunnels.
Please send comments or suggestions regarding user documentation to techpubs@silver-peak.com. |