Sourcefire SSL Appliance, 4-Port 1Gbps Copper w/ Bypass

Model: Sourcefire SSL Appliance

Performance and Functionality
Supported Line Speed (SSL traffic): 1Gbps
Monitoring Interfaces: 2 options: (4) Copper 1Gbps; (4) Fiber 1Gbps
Management Interfaces: RJ45
Concurrent SSL flows inspected: 50,000
Total Simultaneous flows: 1,000,000
SSL Set-ups & Teardowns: 2,900/sec
Typical Latency (Non SSL cut-through): < 40 microseconds
Memory (RAM): 8GB
Disk Capacity: 80GB

Redundancy Features
Dual Power Supplies: standard
Hard drives: 1
RAID Support: n/a
Cooling Fans: 3

Physical and Environmental
Form Factor: 2U
Dimensions (D x W x H, in inches): 19.5 x 17.5 x 3.57
Shipping Weight: 34 lbs
Amps: 8@100V / 4@240V
Voltage: 100-240V
Watts (max): (2) 460 (PSUs)
Operating Temperature: 0°C-40°C


Sourcefire SSL: Strengthen Security with Secure Sockets Layer (SSL) Inspection

SSL-encrypted Traffic—An Easy Vehicle for Cybersecurity Attacks

SSL-encrypted traffic is exploding due to the enterprise-wide usage of cloud computing, secure e-commerce, Web 2.0 applications, email, and VPNs. Surveys show 25-35% of enterprise traffic is SSL-encrypted, and this number is up to 70% for select verticals. If not managed properly, SSL can leave a hole in any enterprise security architecture. Existing approaches to SSL-encrypted traffic range from passing everything to blocking everything. In some cases, companies deploy host-based IPS systems or install proxy SSL solutions, which can effectively inspect SSL but suffer from bottleneck issues and reduced network performance.

Decrypts SSL Traffic at 1Gbps Line Rate
The Sourcefire SSL Appliance decrypts SSL traffic and sends it to existing security and network appliances via dedicated gigabit Ethernet links. This enables existing IPS appliances to identify risks normally hidden by SSL such as regulatory compliance violations, viruses, malware, data loss, and intrusion attempts. Once the SSL traffic has been inspected and approved, the SSL Appliance places the SSL-encrypted traffic back on the network for its final destination—all with minimal latency and without altering SSL packets.

Operates Transparently on Network
The SSL Appliance is deployed as a transparent proxy and detects SSL sessions on all ports, not just the traditional port 443. It can run as a “bump-in-the-wire” and does not require network configuration, IP addressing or topology changes, or modification to client IP and web browser configurations. Further, transparent SSL proxies see all network traffic, not just SSL, and have the ability to cut-through non-SSL flows.

Supports Passive and Inline Configurations
The SSL Appliance supports both passive and inline configurations. When deployed passively, it sends traffic to a Sourcefire IPS also running in passive mode. Passive deployment is most useful for gaining full visibility into network traffic and what vulnerabilities may be exploited. The SSL Appliance can also be deployed inline as a “bump-in-the-wire” and operate with an IPS running in either passive or inline mode. When both the SSL Appliance and the IPS are deployed inline, they can block malicious exploit traffic. All Sourcefire SSL Appliances ship with fail-open 4-port 1G copper or fiber interfaces.

Passive IDS Configuration

Inline IPS Configuration

The SSL Appliance is versatile enough to inspect SSL traffic in both inbound and outbound configurations. With inbound SSL inspection, the appliance inspects traffic destined for an enterprise’s web servers hosting SSL applications. With outbound SSL inspection, the appliance inspects SSL application traffic destined outside of the enterprise, such as Google Gmail traffic.


The unique capabilities of the Sourcefire SSL Appliance remove risks arising from lack of visibility into SSL traffic while also maintaining the performance of security and network appliances.

Scalable Flow-based Processing: At up to 1Gbps, the Sourcefire SSL Appliance supports the analysis of over 1,000,000 simultaneous flows.

High Connection Rate/Flow Count: The Sourcefire SSL Appliance supports 50,000 concurrent SSL sessions. The setup and teardown rate of 2,900 SSL sessions per second is 10x higher than other solutions.

Line-rate Network Performance:

»» Non-SSL flows can be sent to the adjacent appliance or cut-through in less than 40 microseconds, minimizing delay for applications such as VoIP.

»» Supports proxying for up to 1Gbps of SSL traffic for a variety of SSL versions and cipher suites.

Network Transparency: The Sourcefire SSL Appliance can be deployed transparently to both end systems and intermediate networking elements and does not require network configuration, IP addressing or topology changes, or modification to client IP and web browser configurations.

Application Preservation: Intercepted plaintext is delivered to security appliances as a regenerated TCP stream with the packet headers as they were received. This enables applications and appliances, such as Intrusion Detection System (IDS), IPS, Unified Threat Management (UTM), and Data Loss Prevention (DLP), to expand their scope to provide benefits for SSL-encrypted traffic.

Flexibility:

»» Supports both sniffing/recording devices, such as IDS, and filtering appliances, such as inline firewalls and IPS

»» Inline and passive modes of operation

»» Inbound and outbound SSL inspection

Policy Configuration: Fine-grained policy control provides the ability to cut-through non-SSL flows via 7-tuple classification and to control which SSL flows are inspected, passed through or blocked.

SSL Session Identification: The session log provides details of all SSL flows, inspected or not, allowing suspicious trends or patterns of SSL use to be detected.

High Availability: Integrated fail-open hardware, traffic bypass filters, and configurable link state monitoring and mirroring enable guaranteed network availability and network security.

Web-based Management: The Sourcefire SSL Appliance is configured and managed via an SSL-secured web-based graphical user interface, keeping administration simple.

Email Alerting: Logs can be configured to trigger alerts that can be forwarded via email immediately or at intervals to designated network administrators.

To learn more about Sourcefire’s award-winning cybersecurity solutions, call 877-489-1113.
