Cisco Web Security Appliance S670 User Guide
Cisco IronPort AsyncOS 7.0 for Web User Guide
OL-23079-01
Chapter 10 Decryption Policies
Enabling the HTTPS Proxy
Step 3
Verify the Enable HTTPS Proxy field is enabled.
Step 4
In the Transparent HTTPS Ports field, enter the ports the appliance should check
for HTTPS traffic. Port 443 is the default port.
Note
This field appears only when the appliance is deployed in transparent
mode.
Step 5
In the HTTPS Transparent Request section, choose how the Web Proxy handles
transparently redirected HTTPS transactions it receives before an HTTP request
that was authenticated using an identity with an IP-based surrogate. Select one of
the following options:
• Decrypt the HTTPS request and redirect for authentication
• Deny the HTTPS request
This setting only applies to transactions that use IP address as the authentication
surrogate and when the user has not yet been authenticated.
For more information, see
Note
This field only appears when the appliance is deployed in transparent
mode.
Step 6
In the Applications that Use HTTPS section, choose whether or not to enable
decryption for enhanced application visibility and control.
Enabling this setting allows the Web Proxy to detect applications that use HTTPS
with better accuracy. This setting supersedes the “Pass Through” decision made
by the Web Reputation Filters as configured in the Decryption Policies. However,
the URL category decision still applies.
Note
Decryption may cause some applications to fail unless the root certificate
for signing is installed on the client. For more information, see
. For more information on
the appliance root certificate, see