• nomad@infosec.pub · 5 days ago

    Sad to say, this is not a good solution. Any firewall can be taught to detect this if it’s not using HTTPS. If it is, this usually requires state-approved certificates, so any firewall can just man-in-the-middle. I guess this targets the same gateway as Tor bridges: using big load balancers to shuttle traffic via an unblocked big IP like Google to an app in the Google network that acts as a proxy. It works, but not out of the box, sadly.

      • nomad@infosec.pub · 3 days ago

        I guess that’s a magic bullet then… Just ensure you are using a certificate chain that’s not issued by an authority inside the country.

        • tenchiken@anarchist.nexus · 3 days ago

          Along that line, I’d be self signing and requiring a specific client cert to allow connection.

          But yes, absolutely a good point.