A: TippingPoint devices inspect all traffic as long as said traffic is NOT encrypted. By definition, SSL traffic is encrypted, so while the device cannot inspect the encrypted traffic, it will attempt to do so, thus causing additional load on the system. It is a recommended best practice to utilize Inspection Bypass rules to bypass encrypted traffic.
If SSL traffic inspection is required, TippingPoint offers the Threat Protection System (TPS) family of devices. The TPS devices (with appropriate SSL license) decrypt SSL traffic between clients and site servers and sends decrypted traffic to the device for analysis. After inspection, the SSL traffic is re-encrypted and sent on its way.
Device support - the following TPS devices support SSL inspection:
- T-Series (2200T)
- TX-Series (5500TX, 8200TX, 8400TX)
- Virtual Threat Protection System (vTPS) (performance mode only)