Lynx SSL/TLS Decryptor

Find out more about the latest model of Wheel Lynx SSL/TLS Decryptor - Infinity - providing a throughput of 50 Gbps!

Available from July 15, 2017

Wheel Lynx SSL/TLS Decryptor enables transparent SSL/TLS traffic decryption for further analysis by DLP/IDS/IPS systems.

The appliance works in transparent bridge mode intercepting selected network traffic. SSL sessions pass through Wheel Lynx SSL/TLS Decryptor transparently so the client software thinks it connects directly to the target server as it uses the original address of the target host. The decrypted network traffic is forwarded to the dedicated DLP/IDS/IPS device for evaluation. Wheel Lynx SSL Inspector encrypts data again and sends it over to the target server. The DLP/IDS/IPS systems can order Wheel Lynx SSL/TLS Decryptor to terminate the connection. Unencrypted traffic, which can also pass through Wheel Lynx SSL/TLS Decryptor, is forwarded to the IDS/IPS without being modified.

Features

Main features

  • signed and self-signed certificates handling
  • Server Name Indication (SNI)
  • OCSP support
  • decrypt once feed many
  • selective whitelisting based on categories
  • network bypass
  • whitelisting source and target hosts
  • whitelist subscription service
  • supports connections initialized as encrypted (such as HTTPS) as well as protocols, which can begin encrypted transmission by executing the StartTLS command (e.g. SMTP)
  • TLS SNI (Server Name Indication) extension support

Supported protocols

  • SSL 2.0
  • SSL 3.0
  • TLS 1.0
  • TLS 1.1
  • TLS 1.2
  • TLS 1.3*

Business advantages

Integrating SSL decryptor with DLP/IDS/IPS systems enables a thorough analysis of network traffic. Decrypted traffic is analyzed for signs of security and data breaches. It is possible to detect viruses, unauthorized document copying as well as malware attacks.

  • L1 L3 L10 L25 LInfinity
    SSL/TLS Throughput 1Gbps 3Gbps 10Gbps 25Gbps 50Gbps
    Concurrent SSL/TLS sessions 25,000 50,000 250,000 500,000 1,000,000
    Full handshakes (RSA 1024 bit) 1,500/s 3,000/s 15,000/s 30,000/s 100,000/s
    Full handshakes (RSA 2048 bit) 750/s 1,500/s 5,000/s 10,000/s 50,000/s
    Maximum number of network interfaces 10x1 Gbps 10x1 Gbps 1x1 Gbps
    24x10 Gbps
    1x1 Gbps
    24x10 Gbps
    1x1 Gbps
    32x10 Gbps
    Size 1U 1U 2U 2U 3U
  • White List is a list of URLs and IP addresses excluded from decryption. The list is maintained by Wheel Systems and it contains URLs and IP addresses of financial, medical and religious institutions. Wheel Lynx SSL/TLS Decryptor automatically downloads the list and allows for adding user-defined records.

Contact form

Are you interested in our products? Contact us.