Because encrypted HTTPS connections can carry the same risks as unencrypted HTTP connections, you can configure Deep Discovery Web Inspector to decrypt and scan selected HTTPS traffic for potential risks and threats.

You can deploy HTTPS decryption rules to enable decryption and inspection of specific HTTPS network traffic based on the following criteria:
- Decryption source
  Sources include: Any, Selected users and groups, Selected network objects, and Guest users
  Note: You can add exceptions if you configure Selected users and groups or Selected network objects as the decryption source.
- Decryption categories
- Decryption domain objects

To scan HTTPS traffic, Deep Discovery Web Inspector identifies the SSL connection at the first packet of the SSL handshake, acquires the client IP address information from the session, and identifies the URL categories of the target domain.
- If the client IP is included in the selected network objects for Decryption source and the target domain is in the configured Decryption Domain Objects, then the traffic matches this policy and is decrypted.
- If certain traffic matches multiple policies, the policy with the highest priority takes effect, and the traffic is re-signed using the certificate configured in that policy. Deep Discovery Web Inspector does not decrypt the connection if it does not match any network objects (from the Decryption source field), URL categories, or domain objects specified in the HTTPS decryption rules.
- After the HTTPS traffic to be inspected and the policy to use are identified, Deep Discovery Web Inspector re-signs the website certificate using that policy's CA certificate, decrypts and inspects the traffic, and then determines the appropriate actions for the traffic based on configured policies.
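
The rule selection described above can be modelled in a few lines to check, before deployment, which rule and re-signing CA a given client and destination would get. This is an added example, not Deep Discovery Web Inspector code: the class, function names, rule names, networks, category names and CA labels are hypothetical. It assumes rules are listed in priority order, that a domain object also covers its subdomains, and that either a category or a domain object match satisfies the destination criteria.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class DecryptionRule:                      # hypothetical model, not a product object
    name: str
    ca_cert: str                           # label of the CA used for re-signing
    sources: list = field(default_factory=list)     # CIDRs; empty list means "Any"
    exceptions: list = field(default_factory=list)  # CIDRs excluded from sources
    categories: set = field(default_factory=set)    # URL categories
    domains: set = field(default_factory=set)       # domain objects

def _in_any(ip, cidrs):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)

def source_matches(rule, client_ip):
    if _in_any(client_ip, rule.exceptions):
        return False
    return not rule.sources or _in_any(client_ip, rule.sources)

def destination_matches(rule, domain, url_categories):
    # Assumption: a domain object also covers its subdomains, and either a
    # domain-object hit or a category hit satisfies the destination criteria.
    domain = domain.lower().rstrip(".")
    in_domains = any(domain == d or domain.endswith("." + d) for d in rule.domains)
    return in_domains or bool(rule.categories & set(url_categories))

def select_rule(rules, client_ip, domain, url_categories):
    """Return the highest-priority matching rule, or None (not decrypted)."""
    for rule in rules:                     # assumption: list is in priority order
        if source_matches(rule, client_ip) and destination_matches(
                rule, domain, url_categories):
            return rule
    return None

# Constructed rule set: names, networks, categories and CA labels are made up.
RULES = [
    DecryptionRule("finance-hosts", "CA-Finance", sources=["10.1.0.0/16"],
                   exceptions=["10.1.9.0/24"], domains={"example.com"}),
    DecryptionRule("all-webmail", "CA-Default", categories={"Web Mail"}),
]

def decide(client_ip, domain, url_categories):
    rule = select_rule(RULES, client_ip, domain, url_categories)
    return (rule.name, rule.ca_cert) if rule else None

if __name__ == "__main__":
    print(decide("10.1.2.3", "mail.example.com", ["Web Mail"]))
    print(decide("10.1.9.5", "mail.example.com", ["Web Mail"]))
    print(decide("10.1.9.5", "www.example.com", ["News"]))
```

The second call shows why exceptions matter when auditing: a client excluded from one rule can still be decrypted by a lower-priority rule whose source is Any, and it is then re-signed with a different CA.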