Cisco Cisco Web Security Appliance S670 User Guide

10-23

Cisco IronPort AsyncOS 7.0 for Web User Guide

OL-23079-01

Chapter 10 Decryption Policies

Enabling the HTTPS Proxy

Step 3

Verify the Enable HTTPS Proxy field is enabled.

Step 4

In the Transparent HTTPS Ports field, enter the ports the appliance should check
for HTTPS traffic. Port 443 is the default port.

Note

This field appears only when the appliance is deployed in transparent
mode.

Step 5

In the HTTPS Transparent Request section, choose how the Web Proxy handles
transparently redirected HTTPS transactions it receives before an HTTP request
that was authenticated using an identity with an IP-based surrogate. Select one of
the following options:

•

Decrypt the HTTPS request and redirect for authentication

•

Deny the HTTPS request

This setting only applies to transactions that use IP address as the authentication
surrogate and when the user has not yet been authenticated.

For more information, see

Understanding How Authentication Affects HTTPS

and FTP over HTTP Requests, page 7-6

Note

This field only appears when the appliance is deployed in transparent
mode.

Step 6

In the Applications that Use HTTPS section, choose whether or not to enable
decryption for enhanced application visibility and control.

Enabling this setting allows the Web Proxy to detect applications that use HTTPS
with better accuracy. This setting supersedes the “Pass Through” decision made
by the Web Reputation Filters as configured in the Decryption Policies. However,
the URL category decision still applies.

Note

Decryption may cause some applications to fail unless the root certificate
for signing is installed on the client. For more information, see

Using

Decryption with the AVC Engine, page 10-19

. For more information on

the appliance root certificate, see

Working with Root Certificates,

page 10-16