Cisco Cisco Web Security Appliance S360 User Guide

C O N T R O L L I N G H T T P S T R A F F I C

C H A P T E R 1 0 : D E C R Y P T I O N P O L I C I E S

209

Figure 10-9 Applying Decryption Policy Actions

Is the URL category of the request

URL in the Decryption group’s

list of custom URL categories?

Receive HTTPS request from client.

No, continue to monitor.

Yes, action is Drop.

Yes, action is Pass-Through.

Yes, action is Decrypt.

Drop connection.

Pass through

connection.

Decrypt traffic and then evaluate

Access Policy group membership.

See Figure 8-1 on page 153.

Does the reputation score of the

destination server indicate to drop

the connection?

No, continue to monitor, or Web
Reputation is not enabled.

Yes, Drop.

Is the URL category of the request

URL in the Decryption group’s

list of predefined URL categories?

Yes, action is Drop.

Yes, action is Decrypt.

Yes, action is Pass-Through.

No, continue to monitor or
Yes, action is Monitor.

Does the reputation score of the

destination server indicate to pass

through or decrypt the connection?

Action is Pass-Through.

Is the server certificate valid?

Yes, or No, action is Monitor.

No, action is Drop.

No, action is Decrypt.

What is the default action specified

in the policy group?

Action is Decrypt.

Action is Pass-Through.

Action is Drop.

Is Web Reputation enabled?

Yes

Action is Decrypt.

Does the destination server have a

reputation score assigned?

Yes

No, action is Decrypt.

No, action is Pass-Through.

No, action
is Drop.

No, action
is Monitor.