
NETSEC-GENERALIST · Question #53

NETSEC-GENERALIST Question #53: Real Exam Question with Answer & Explanation

The correct answer is A: It acts as meddler-in-the-middle between the client and the internal server. Perfect Forward Secrecy (PFS) is a cryptographic feature in SSL/TLS key exchange that ensures each session uses a unique key that is not derived from previous sessions. This prevents attackers from decrypting historical encrypted traffic even if they obtain the server's private key.

SSL/TLS Decryption and Inspection

Question

When using the perfect forward secrecy (PFS) key exchange, how does a firewall behave when SSL Inbound Inspection is enabled?

Options

  • A. It acts as meddler-in-the-middle between the client and the internal server.
  • B. It acts transparently between the client and the internal server.
  • C. It decrypts inbound and outbound SSH connections.
  • D. It decrypts traffic between the client and the external server.

Explanation

Perfect Forward Secrecy (PFS) is a cryptographic feature in SSL/TLS key exchange that ensures each session uses a unique key that is not derived from previous sessions. This prevents attackers from decrypting historical encrypted traffic even if they obtain the server's private key. When SSL Inbound Inspection is enabled on a Palo Alto Networks Next-Generation Firewall (NGFW), the firewall decrypts inbound encrypted traffic destined for an internal server to inspect it for threats, malware, or policy violations.

Firewall Behavior with PFS and SSL Inbound Inspection

Meddler-in-the-Middle (MITM) Role: Because PFS negotiates a fresh, ephemeral session key for every connection, the firewall cannot decrypt the traffic passively using only the server's static private key. Instead, it must act as a man-in-the-middle (MITM) between the client and the internal server.

Decryption Process: The firewall terminates the SSL session from the external client. It then establishes a new encrypted session between itself and the internal server. This allows the firewall to decrypt, inspect, and then re-encrypt traffic before forwarding it to the internal server.

Security Implications: This approach ensures threat detection and policy enforcement before encrypted traffic reaches critical internal servers. However, it breaks end-to-end encryption, since the firewall acts as an intermediary.

Topics

#SSL Inspection, #PFS, #Firewall Security, #Meddler-in-the-Middle
