Cisco Cisco Web Security Appliance S160 Guía Del Usuario
7-3
AsyncOS 9.2 for Cisco Web Security Appliances User Guide
Chapter 7 Create Decryption Policies to Control HTTPS Traffic
Decryption Policies
The following diagram shows how the Web Proxy evaluates a client request against the Decryption
Policy groups.
Policy groups.
shows the order the Web Proxy uses when evaluating control
settings for Decryption Policies.
Figure 7-3 on page 7-13
shows the order the Web Proxy uses when
evaluating control settings for Access Policies.
Figure 7-1
Policy Group Transaction Flow for Decryption Policies
Enabling the HTTPS Proxy
To monitor and decrypt HTTPS traffic, you must enable the HTTPS Proxy. When you enable the HTTPS
Proxy, you must configure what the appliance uses for a root certificate when it sends self-signed server
certificates to the client applications on the network. You can upload a root certificate and key that your
organization already has, or you can configure the appliance to generate a certificate and key with
information you enter.
Proxy, you must configure what the appliance uses for a root certificate when it sends self-signed server
certificates to the client applications on the network. You can upload a root certificate and key that your
organization already has, or you can configure the appliance to generate a certificate and key with
information you enter.
Once the HTTPS Proxy is enabled, all HTTPS policy decisions are handled by Decryption Policies. Also
on this page, you can configure what the appliance does with HTTPS traffic when the server certificate
is invalid.
on this page, you can configure what the appliance does with HTTPS traffic when the server certificate
is invalid.