Hello,
I'm facing the same kind of issue.
Genesys data action send web requests to a custom web site. I want to protect the custom website with WAF, but https traffic should be fully inspected.
Genesys accepts only public CA and reject self-signed certificates.
The firewall deep inspection only accepts Fortinet CA and self-signed certificates.
Cases opened at Genesys and Fortinet support remain unsolved.
Any suggestion will be appreciated.
Best regards,
------------------------------
Nicolas Ichah
SABIO FRANCE SAS
------------------------------
Original Message:
Sent: 05-06-2021 03:46
From: Gareth James
Subject: SSL Inspection
Hi Everyone,
Just going through a new implementation and a question has arisen when reviewing the firewall ports and services that need to be opened.
The problem statement is as follows; Based on Genesys' FAQs, SSL inspection will break the connections. The customer can put SSL inspection bypass in for the traffic however there is an issue where the destinations provided are too broad. (eg. *s3.amazonaws.com). This would mean it would not just be traffic related to the Genesys service that would not be inspected but all traffic bound for those domains which would put the customer at risk as malware could be hosted by other sites hosted there and would not be scanned by the gateways.
Just wondering if anyone has any suggestions or recommendations of best practice in this scenario?
#ArchitectureandDesign
#Security
------------------------------
Gareth James
CALLSCAN AUSTRALIA PTY. LTD.
------------------------------