SMB SSL-VPN: When should Generic SSL offloading be deployed?
03/26/2020
DESCRIPTION: SMB SSL-VPN: When should Generic SSL offloading be deployed?
RESOLUTION: Generic SSL offloading is meant to be used for customer client/server applications that use SSL for security.
It is intended for custom SSL applications that require SSL offloading, that is, non-HTTPS applications.
Generic offloading should NOT be deployed for HTTP/HTTPS applications, because Web Application Firewall is not supported by Generic offloading. Since there is no layer 7 analysis, Generic offloading is vulnerable to various HTTP/HTTPS attacks, such as HTTP 30X redirects, Cross-Site Request Forgery, and Cookie Tampering.
Other layer 7 controls, such as URL rewriting, authentication controls, and load balancing, are also not supported by Generic SSL offloading.