Many firewalls on the market support the concept of SSL Bridging and SSL Tunneling. Microsoft firewalls that support this functionality include:
- Internet Security and Acceleration (ISA)
- Forefront Threat Management Gateway (TMG)
What is the difference between SSL Bridging and SSL Tunneling?
SSL Bridging involves decrypting the traffic on the firewall, inspecting the HTML code and filtering it for malware and against any content policies that may be applied. The traffic is then re-encrypted, usually using a different certificate provided by an Internal Certificate Authority, and passed on to the end client.
SSL Tunneling involves relaying the traffic, unmodified and still encrypted with the digital certificate, to the end client. No filtering can be applied when a router is configured with SSL Tunneling.
Some companies may not wish to have SSL Bridging configured. When dealing with sensitive traffic such as online banking, I for one would be very concerned if I saw the SSL traffic coming to me with a certificate from an Internal Certificate Authority!
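A client-side check for the situation described above, as an added example that is not part of the original article: it compares the certificate a client receives against a pinned SHA-256 fingerprint of the server's real certificate and against the names of known internal CAs. The function names, pin, CA names and certificate bytes are constructed assumptions; the dictionary shape is the one Python's `ssl.SSLSocket.getpeercert()` returns.

```python
import hashlib
import socket
import ssl


def issuer_fields(peercert):
    """Flatten the 'issuer' RDN tuples from SSLSocket.getpeercert() into a dict."""
    return {key: value for rdn in peercert.get("issuer", ()) for key, value in rdn}


def classify(peercert, der_bytes, pinned_sha256, internal_ca_names):
    """Return 'tunneled', 'bridged' or 'unexpected' for one presented certificate."""
    fingerprint = hashlib.sha256(der_bytes).hexdigest()
    if fingerprint == pinned_sha256.lower():
        return "tunneled"      # the server's own certificate arrived unmodified
    issuer = issuer_fields(peercert)
    names = {issuer.get("commonName"), issuer.get("organizationName")}
    if names & set(internal_ca_names):
        return "bridged"       # re-issued by the internal CA on the firewall
    return "unexpected"        # neither the pin nor a known internal CA


def fetch(host, port=443, timeout=5.0):
    """Fetch (decoded cert, DER bytes) from a live server via the system trust store.

    When the internal CA is trusted by the client, validation succeeds on a
    bridged connection too, so the issuer and fingerprint are the only signal.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(), tls.getpeercert(binary_form=True)


# Constructed sample data (placeholders, not real certificates or CA names).
ORIGIN_DER = b"constructed-origin-certificate-bytes"
BRIDGED_DER = b"constructed-reissued-certificate-bytes"
PIN = hashlib.sha256(ORIGIN_DER).hexdigest()
INTERNAL_CAS = {"Example Corp Internal CA"}
ORIGIN_CERT = {"issuer": ((("organizationName", "Example Public CA"),),
                          (("commonName", "Example Public CA G1"),))}
BRIDGED_CERT = {"issuer": ((("organizationName", "Example Corp"),),
                           (("commonName", "Example Corp Internal CA"),))}

if __name__ == "__main__":
    print(classify(ORIGIN_CERT, ORIGIN_DER, PIN, INTERNAL_CAS))    # tunneled
    print(classify(BRIDGED_CERT, BRIDGED_DER, PIN, INTERNAL_CAS))  # bridged
```

Against a live host, pass the two values returned by `fetch()` to `classify()` together with a fingerprint recorded from a network path known not to be bridged.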