Cisco Web Security Appliance S360 User Guide

Cisco IronPort AsyncOS 7.7.5 for Web User Guide
Chapter 11      Processing HTTPS Traffic
Evaluating Decryption Policy Group Membership
Step 5
In the HTTPS Transparent Request section, choose how the Web Proxy handles transparently redirected 
HTTPS transactions it receives before an HTTP request that was authenticated using an identity with an 
IP-based surrogate. Select one of the following options:
  • Decrypt the HTTPS request and redirect for authentication
  • Deny the HTTPS request
This setting applies only to transactions that use the IP address as the authentication surrogate, and 
only when the user has not yet been authenticated.
For more information, see 
.
Note
This field only appears when the appliance is deployed in transparent mode.
Step 6
In the Applications that Use HTTPS section, choose whether to enable decryption for enhanced 
application visibility and control.
Enabling this setting allows the Web Proxy to detect applications that use HTTPS with better accuracy. 
This setting supersedes the “Pass Through” decision made by the Web Reputation Filters as configured 
in the Decryption Policies. However, the URL category decision still applies.
Note
Decryption may cause some applications to fail unless the root certificate for signing is installed 
on the client. For more information on the appliance root certificate, see . 
Step 7
Submit and commit your changes.
Evaluating Decryption Policy Group Membership
After the Web Proxy assigns an Identity to a client request, it evaluates the request against the other 
policy types to determine which policy group it belongs to for each type.
The Web Proxy applies the configured policy control settings to a client request based on the client 
request’s policy group membership.
To determine the policy group that a client request matches, the Web Proxy considers the following 
factors for group membership:
  • Identity. Each client request either matches an Identity, fails authentication and is granted guest 
    access, or fails authentication and gets terminated. For more information about evaluating Identity 
    group membership, see 
  • Authorized users. If the assigned Identity requires authentication, the user must be in the list of 
    authorized users in the Decryption Policy group to match the policy group.