Skip to content

Impact Assessment

The Impact Assessment feature helps you understand and predict how changes to your cryptographic configurations will affect client connectivity. Whether you’re upgrading TLS versions or modifying cipher suites, AQtive Guard analyzes your network traffic to identify the exact client IP addresses that would lose connectivity.

By revealing potential service disruptions before deployment, Impact Assessment enables informed, proactive migration decisions and prevents service outages.

Demo

Launch our interactive demo: Impact Assessment

Use

To use the Impact Assessment feature:

  1. Select Inventory from the main menu, then select TLS configs.

  2. Locate the IP address you want to assess, and select Details at the end of its row.

    Tip

    You can filter by IP address, supported TLS versions, or unsupported TLS versions to narrow down the displayed list. For detailed guidance on using IP address filters, refer to TLS config IP address filtering.

  3. Select Assess remediation impact at the top of the page.

  4. On the Setup screen, choose the minimum supported TLS version you want to assess, then select Run assessment.

View Impact Assessment results

Once you’ve defined and simulated your proposed TLS configuration changes, your impact assessment results demonstrate how these changes would affect your current network traffic.

Overall access

AQtive Guard processes historical handshake data against your proposed modifications to accurately predict client connectivity.

This allows you to visualize the potential consequences of your changes. For any given configuration, you’ll see how many client IP addresses would experience failed handshakes, as well as how many would maintain successful connectivity.

To help you plan a smooth migration, AQtive Guard provides a detailed breakdown of every handshake for each impacted source IP address.

SNI access

This table provides a view of handshake results for each SNI (Server Name Indication):

  • SNI - the SNI string that clients attempted to access.
  • Handshakes - the total number of handshake attempts observed for this specific SNI.
  • Result - a percentage breakdown of successful and failed handshakes for all handshakes to this SNI under the proposed configuration.

Source IP access

This table provides a detailed look at how individual client IP addresses would be affected:

  • Source IP - the client IP address that tried to make the connection.
  • SNI accessed by source IP - the SNI the client tried to reach during the handshake.
  • Failed handshakes - the number of handshakes from this Source IP that would fail with the new simulated configuration.
  • Passed handshakes - the number of handshakes from this Source IP that would still pass with the new simulated configuration.

For each connection attempt listed, you can see the specific SNI that was accessed and the simulated outcome (whether it would fail or pass with the new configuration).