Cisco Web Security Appliance S680 User Guide
AsyncOS 9.1.1 for Cisco Web Security Appliances User Guide
Chapter 11 Create Decryption Policies to Control HTTPS Traffic
Decryption Policies
no final decision on how to handle the HTTPS transaction if the server has an invalid certificate. If a
Decryption Policy is configured to block servers with a low Web reputation score, then any request to a
server with a low reputation score is dropped without considering the URL category actions.
The following diagram shows how the Web Proxy evaluates a client request against the Decryption
Policy groups.
shows the order the Web Proxy uses when evaluating control
settings for Decryption Policies.
shows the order the Web Proxy uses when
evaluating control settings for Access Policies.
Figure 11-1 Policy Group Transaction Flow for Decryption Policies
Enabling the HTTPS Proxy
To monitor and decrypt HTTPS traffic, you must enable the HTTPS Proxy. When you enable the HTTPS
Proxy, you must configure what the appliance uses for a root certificate when it sends self-signed server
certificates to the client applications on the network. You can upload a root certificate and key that your
organization already has, or you can configure the appliance to generate a certificate and key with
information you enter.
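A pre-upload sanity check for the root certificate and key described above, as an added example that is not part of the Cisco guide. It uses the openssl command line; the file names, subject fields and 30-day expiry margin are assumptions, and the sample certificate is constructed for the demonstration.

```shell
#!/bin/sh
# Added example: sanity-check a root certificate and key before uploading them.
# All names, subject fields and the 30-day margin are assumptions for illustration.

# Create a constructed self-signed sample certificate and unencrypted key.
# $1 = directory, $2 = base file name, $3 = TRUE or FALSE (basicConstraints CA flag)
make_sample_cert() {
    cat > "$1/$2.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
O = Example Org
CN = Example HTTPS Proxy Root
[ext]
basicConstraints = critical,CA:$3
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -config "$1/$2.cnf" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# Print "ok" and return 0 only if certificate $1 can act as a signing root for key $2.
check_root_pair() {
    cert=$1; key=$2
    # Clients reject server certificates issued by a certificate that is not a CA.
    openssl x509 -in "$cert" -noout -text | grep -q 'CA:TRUE' \
        || { echo "not a CA certificate"; return 1; }
    # Refuse a root that expires within 30 days (2592000 seconds).
    openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null \
        || { echo "expires within 30 days"; return 1; }
    # The private key must correspond to the public key in the certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey)
    key_pub=$(openssl pkey -in "$key" -pubout)
    [ "$cert_pub" = "$key_pub" ] || { echo "key does not match certificate"; return 1; }
    echo "ok"
}

# Demonstration on constructed files in a temporary directory.
tmp=$(mktemp -d)
make_sample_cert "$tmp" root TRUE
check_root_pair "$tmp/root.pem" "$tmp/root.key"
```

The temporary directory holds an unencrypted private key, so delete it after the demonstration.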