We have a hosted server which is accessible from the outside and is using a domain name cert for SSL connections. I want to decrypt the connections to be inspected for this specific server. I saw some articles, but I guess they are talking about SSL decryption for all the connections.
I don't want sensor performance to be degraded by enabling it globally; I need the SSL decryption just for this specific server.
Note that it's a virtual server.
Enabling the SSL decryption feature is a global option, but the SSL decryption will only happen for inbound connections where the certificate is loaded on the sensor and the connection matches the certificate.
There should be minimal impact on sessions where the certificate is not loaded.
So no need to make any other changes in configurations, right?
Bear in mind that the server that I want to offload is Citrix for application acceleration (client to server), and Citrix uses bitmap.
Will I have any additional security from McAfee IPS by decrypting such a connection? Or is just enabling the signatures related to Citrix enough to protect my server without decryption?
No further changes are necessary. You may want to keep an eye on sensor performance dashboards in the threat analyzer as the SSL decryption could add some additional load, but I wouldn't expect a lot from one server.
The SSL decryption will allow all HTTP-based attacks that require clear text for detection to be used against the SSL server.