Symantec SSL Visibility Appliance Valuable Features

Mohammad Taufeeq
Senior Network Security Engineer | Security Solutions Design Engineer at a government with 1,001-5,000 employees
There are a lot of noticeable benefits including the ability to categorize and detect a lot of URLs, hostnames, and file types. This solution is really easy to deploy as long as the implementer understands PKI as a whole. The most valuable feature is the Fail-to-Network (FTN) option, which means that if for any reason the appliance goes down then there is no interruption in traffic. It allows for easy categorization of data according to the hostname, out of the box. For example, we may not want to unencrypt certain things that are subject to compliance, such as an e-commerce site, government site, or a banking site. We can easily detect and classify these, acting accordingly once they have been classified. In a single click, I am able to specify which category of hostnames it should decrypt or not decrypt. This allows us to easily comply with enterprise policy. It is easy to bypass decryption not just by category but also by using the IP address. For instance, we have a finance minister who sits in our network and we do not want to see their internal activity. This solution allows us to bypass that traffic based on IP, whether it is the source or destination. We can also bypass decryption based on the URL. View full review »
Mohammad Taufeeq
Senior Network Security Engineer | Security Solutions Design Engineer at a government with 1,001-5,000 employees
One of the most valuable aspects of this solution is that it's easy to deploy without a lot of complications. Of course, one has to be very good at understanding the PKI as a whole. But in terms of implementation, we are utilizing Fail-to-Network, which means even if SSLV for some reason goes down, we don't get traffic interruption. In terms of SSLV's feature itself, it is very flexible in terms of whitelisting. For example, if I do not want to encrypt some things that are subject to compliance, it has easy categorization of the hostname that is out of the box. In one click I am able to dictate which hostname it should encrypt or not. It is easy to abide by the compliance policy. It is not just category-based, it is also very easy to whitelist or bypass the decryption based on IP addresses. For example, we have a finance minister who is in our network and we do not want to see all of his internet activity. It allows us to bypass it based on his IP address. There are many ways we can bypass SSL decryption. Be it destination IP, the source IP, the URL, the hostname, et cetera. This is the easiest solution and I did a little bit of research before and I could not find another solution that does this. There is also a return on investment. They have very good hardware and it is already prepaid for SSL 1.3. They have a way to do that. Not all types of versions can be decrypted. But to some extent, they can do that also, SSL 1.3. That is something amazing and most of the other vendors cannot do that. View full review »
Find out what your peers are saying about A10 Networks Thunder SSLi vs. Symantec SSL Visibility Appliance and other solutions. Updated: September 2020.
441,478 professionals have used our research since 2012.