
firewall integration for SSL decryption of Core network traffic

edited May 27 in General

Hi,

I work at a company where ICT security is very important. We use a ‘Palo Alto Networks next-generation firewall’.

I have been testing OpenText Core, currently only in a basic scenario, but we are considering Content Server integration. We could only get the client integration to work when disabling SSL decryption on the firewall for the network traffic to and from Core. This decryption is a must for us, as we want to stop viruses and malware coming through the firewall and also to enforce policies for outgoing traffic.

My question is: is any specific integration between OpenText Core and Palo Alto foreseen on the roadmap?

Comments

  • Hi Pieter,

    Greetings!

    Thanks for considering using CORE software. If I understand you correctly, filtering traffic to/from CORE using your firewall only works if SSL is disabled? Is that a self-signed certificate or did you purchase it from an SSL vendor?


    Jerry David
    CORE Community Moderator
  • ..also, I need to verify your CORE tenant account name? 

    Thanks!


  • Hi Jerry,

    Thanks for answering! I asked our security engineer to formulate a correct answer:

    It only works if SSL decryption on the firewall is disabled.

    This means that the OpenText Core client is using a client certificate to allow for mutual authentication during SSL setup with the OpenText Core cloud server, which is a good thing of course. The downside is that our Palo Alto firewall cannot decrypt the SSL traffic to scan files for malware that are downloaded from OpenText Core.

    What security solutions do you recommend to make sure that all files that are transferred via OpenText Core are malware free?

    Does OpenText Core support a CASB solution? Some of these CASB solutions have built-in anti-malware functionality.


    We don't have a core tenant account just yet. I only have this personal account.

     

    Thanks

    Best regards



     



  • Hi Pieter, 
     
    OpenText is very meticulous when it comes to security. Have you asked your security team if your SSL were self-signed?

    I've also tried reaching out to our Marketing team and I'll update here in case there are any upcoming projects for CORE and Palo Alto blending together.


    Jerry David
    CORE Community Moderator

  • Hi Jerry,



    Yes, our internal SSL certificates are all self-signed.



    Pieter Jan

  • Hi Pieter, 

    There's no problem self-signing a certificate; however, there are risks in doing that. At the time of this writing, OpenText CORE only works for digital certificates coming from a valid CA (Certificate Authority).

     
    Jerry David
    CORE Community Moderator
  • OK, thanks for that info


    Pieter Jan Hermans
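
The certificate-trust point raised in the thread, as an added Go example (not OpenText or Palo Alto code): a client that only trusts a recognised CA rejects a certificate re-signed by an internal self-signed CA, which is what a decrypting firewall presents, until that CA is added as a trust anchor. It shows standard X.509 chain validation, not the Core client's actual checks; the CA names, `core.example.test`, `issue` and `trusted` are constructed for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
// issue creates a certificate for cn, signed by parent/pk or self-signed when parent is nil.
func issue(cn string, ku x509.KeyUsage, parent *x509.Certificate, pk *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey) {
	key := must(rsa.GenerateKey(rand.Reader, 2048))
	t := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		KeyUsage: ku, IsCA: ku&x509.KeyUsageCertSign != 0, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
	}
	if parent == nil { // no issuer given: the certificate signs itself
		parent, pk = t, key
	}
	der := must(x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, pk))
	return must(x509.ParseCertificate(der)), key
}

// trusted reports whether leaf chains to one of the given trust anchors.
func trusted(leaf *x509.Certificate, anchors ...*x509.Certificate) bool {
	pool := x509.NewCertPool()
	for _, a := range anchors {
		pool.AddCert(a)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool})
	return err == nil
}

func main() { // all names below are constructed; insp is the firewall's re-signed copy
	pubCA, pubKey := issue("Constructed Public CA", x509.KeyUsageCertSign, nil, nil)
	fwCA, fwKey := issue("Constructed Firewall CA", x509.KeyUsageCertSign, nil, nil)
	orig, _ := issue("core.example.test", x509.KeyUsageDigitalSignature, pubCA, pubKey)
	insp, _ := issue("core.example.test", x509.KeyUsageDigitalSignature, fwCA, fwKey)
	fmt.Println(trusted(orig, pubCA), trusted(insp, pubCA), trusted(insp, pubCA, fwCA))
}
```

The three printed values are the direct connection, the inspected connection with only the public CA trusted, and the inspected connection once the firewall CA is also a trust anchor.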