CHAPTER 3 SSL Processing
The Intel® NetStructure™ 7110/7115 e-Commerce Accelerator
handles several SSL protocols, for example, HTTPS (which is the
default). For security purposes, you can block access to specified IPs
or ports (see “Blocking” section). Traffic that is not mapped or
blocked flows through transparently (see “Failure” section).
Supported protocols are listed below. (Ports listed are “well-known”
port assignments. Any available port may be used.)
• HTTPS 443 (default)
• IMAPS 993
• POP3S 995
• SMTPS 465
• NNTPS 563
• LDAPS 636
Mapping
NOTE: The 7110 supports a maximum of 100 mappings, while the 7115 supports up to 1000.
Keypairs and their associated certificates are referenced by a keyID.
A server is identified by a unique combination of server IP and
network port. Mapping is the process of associating a keyID with a
server (using server IP, network port, and server port). The
7110/7115 supports two types of mapping:
• Automapping
• Manual mapping
Automapping
NOTE: Remember to save the configuration (with the config save command) after making mapping changes.
Automapped entries are identified by a server IP address of zero
(0.0.0.0). When a server IP address of zero is specified, the
7110/7115 intercepts packets to any server IP address with the matching
network ports. As with any mapping entry, the combination of server
IP address and network port must be unique.
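
The mapping rules above can be modeled as a small lookup table. This is an added example, not code from the product or its documentation. The class and function names, the key IDs, and the addresses are constructed for illustration, and the preference for an exact entry over an automapped one is an assumption this section does not state.

```python
from dataclasses import dataclass

AUTOMAP_IP = "0.0.0.0"                       # server IP of zero marks an automapped entry
MAX_MAPPINGS = {"7110": 100, "7115": 1000}   # limits from the Mapping note

@dataclass(frozen=True)
class Mapping:
    key_id: str        # references a keypair and its certificate
    server_ip: str     # AUTOMAP_IP means "any server IP"
    network_port: int  # port matched on intercepted traffic
    server_port: int   # server port paired with it (e.g. 80 for 443)

class MappingTable:
    def __init__(self, model):
        self.limit = MAX_MAPPINGS[model]
        self.entries = {}  # (server_ip, network_port) -> Mapping

    def add(self, m):
        key = (m.server_ip, m.network_port)
        # The server IP / network port combination must be unique.
        if key in self.entries:
            raise ValueError(f"duplicate server IP/network port: {key}")
        if len(self.entries) >= self.limit:
            raise ValueError(f"mapping limit of {self.limit} reached")
        self.entries[key] = m

    def resolve(self, dst_ip, dst_port):
        """Return the mapping that applies to a packet, or None if unmapped."""
        # Assumption: an exact (manual) entry is preferred over an automapped one.
        return (self.entries.get((dst_ip, dst_port))
                or self.entries.get((AUTOMAP_IP, dst_port)))

def build_sample_table():
    # Constructed sample data: key IDs and addresses are placeholders.
    table = MappingTable("7110")
    table.add(Mapping("sample-key-1", AUTOMAP_IP, 443, 80))      # automapped
    table.add(Mapping("sample-key-2", "192.0.2.10", 993, 143))   # manual
    return table

if __name__ == "__main__":
    table = build_sample_table()
    for ip, port in [("192.0.2.10", 993), ("192.0.2.77", 443), ("192.0.2.77", 993)]:
        hit = table.resolve(ip, port)
        print(ip, port, "->", hit.key_id if hit else "unmapped (flows through)")
```

Listing the automapped entries in such a table shows which network ports are intercepted for every server address, which is the first thing to review when auditing a mapping configuration.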
The initial configuration for the 7110/7115 provides an automapping
entry for network port 443 and server port 80. This is associated with
the internally generated default keypair and certificate with the keyID