secure-peering traffic-type

Configuration Mode Commands : SteelHead Configuration Commands : Secure Peering (Secure Inner Channel) Commands : secure-peering traffic-type

Controls the type of traffic sent through the secure inner channel.

Syntax

secure-peering traffic-type <type>

Parameters

<type>

Traffic type:

• ssl-only - The peer client-side SteelHead and the server-side SteelHead authenticate each other and then encrypt and optimize all SSL traffic: for example, HTTPS traffic on port 443. This is the default setting.

• ssl-and-secure-protocols - The peer client-side SteelHead and the server-side SteelHead authenticate each other and then encrypt and optimize all traffic traveling over the following secure protocols: SSL, SMB Signing, SMB2 Signing, and encrypted MAPI. When you select this traffic type, SMB-Signing, SMB2 Signing, and MAPI Encryption must be enabled.

• all - The peer client-side SteelHead and the server-side SteelHead authenticate each other and then encrypt and optimize all traffic. Only the optimized traffic is secure; pass-through traffic is not.

Usage

In RiOS v6.0 or later, encrypted peering extends beyond traditional SSL traffic encryption. In addition to SSL-based traffic like HTTPS that always needs a secure inner channel between the client-side and the server-side SteelHead, you can use the secure inner channel to encrypt and optimize other types of traffic as well:

MAPI-encrypted, SMB-signing, and Lotus Notes encrypted traffic which require a secure inner channel for certain outer connections.

All other traffic that inherently does not need a secure inner channel.

When you use the secure inner channel, all data between the client-side and the server-side SteelHeads are sent encrypted over the secure inner channel. You configure the SteelHeads as SSL peers so that they trust one another as WAN optimization peers.

The SteelHeads authenticate each other by exchanging certificates and negotiating a separate encryption key for each intercepted connection. The trust between the SteelHeads is bidirectional; the client-side SteelHead trusts the server-side SteelHead, and vice versa.

All outer connections between the client and the client-side SteelHead and between the server and the server-side SteelHead create a corresponding secure inner connection between the SteelHeads. The inner connections that correspond to the outer connections of the selected traffic are encrypted.

If you are securing SMB-Signed traffic, SMB2-Signed traffic, Lotus Notes traffic, or Encrypted MAPI traffic, you must enable the protocol.

• To enable SMB Signing, see protocol cifs smb signing enable

• To enable SMB2 Signing, see protocol smb2 signing enable

• To enable Lotus Notes Optimization, see protocol notes enable

• To enable Encrypted Optimization, see protocol mapi encrypted enable

For detailed information, see the SteelHead Management Console User’s Guide.

Example

amnesiac (config) # secure-peering traffic-type all

Product

SteelHead CX, SteelHead EX, SteelHead-v, SteelHead-c

Related Commands

show secure-peering scep