Genesys Cloud - Main

 View Only

Sign Up

  Thread closed by the administrator, not accepting new replies.

  • 1.  SSL Inspection

    Posted 05-06-2021 03:46
    No replies, thread closed.
    Hi Everyone,

    Just going through a new implementation and a question has arisen when reviewing the firewall ports and services that need to be opened.

    The problem statement is as follows; Based on Genesys' FAQs, SSL inspection will break the connections. The customer can put SSL inspection bypass in for the traffic however there is an issue where the destinations provided are too broad. (eg. *s3.amazonaws.com). This would mean it would not just be traffic related to the Genesys service that would not be inspected but all traffic bound for those domains which would put the customer at risk as malware could be hosted by other sites hosted there and would not be scanned by the gateways.

    Just wondering if anyone has any suggestions or recommendations of best practice in this scenario?


    #ArchitectureandDesign
    #Security

    ------------------------------
    Gareth James
    CALLSCAN AUSTRALIA PTY. LTD.
    ------------------------------


  • 2.  RE: SSL Inspection

    Posted 10-21-2023 06:45
    No replies, thread closed.

    Hello,

    I'm facing the same kind of issue.

    Genesys data action send web requests to a custom web site. I want to protect the custom website with WAF, but https traffic should be fully inspected.

    Genesys accepts only public CA and reject self-signed certificates.

    The firewall deep inspection only accepts Fortinet CA and self-signed certificates.

    Cases opened at Genesys and Fortinet support remain unsolved.

    Any suggestion will be appreciated.

    Best regards,



    ------------------------------
    Nicolas Ichah
    SABIO FRANCE SAS
    ------------------------------



Related Content