Before Deep Discovery Web Inspector can apply scanning and filtering policies on encrypted content, you must configure HTTPS decryption rules to decrypt the content. Once decrypted, the data is treated the same way as HTTP traffic, to which URL filtering and scanning rules are applied.
Deep Discovery Web Inspector uses HTTPS domain tunnels to exempt certain HTTPS traffic from decryption.
Domain tunnel records consist of a domain and a fingerprint pattern. HTTPS traffic that matches both the fingerprint pattern and the domain in an existing tunnel record is tunneled before it is matched against the HTTPS decryption rules.
Note: If a domain tunnel record does not specify any fingerprint patterns, all traffic for that domain is tunneled.
There are two types of HTTPS domain tunnels:
- Tunnels added by the administrator
  In some cases, administrators might determine that there is no need to decrypt certain HTTPS traffic. HTTPS tunnels allow administrators to maintain a list of trusted domains or URLs whose HTTPS traffic is not subject to HTTPS decryption rules and policies, and is always accessible by end users without being decrypted and inspected by Deep Discovery Web Inspector.
  Deep Discovery Web Inspector also provides an exception list to let administrators add specific pages, links, or sub-domains they do not want to tunnel within the trusted domains. URLs that match the exception list are subject to the configured HTTPS inspection and policy rules.
- Auto tunnels added by Deep Discovery Web Inspector
  Deep Discovery Web Inspector automatically adds tunnels in response to certain HTTPS error codes, together with the corresponding traffic's fingerprint pattern belonging to the defined browsers.
  After the traffic is tunneled, the corresponding fingerprint pattern and the domain of the traffic are added as a record to the domain tunnel list with a 24-hour expiration.
  This allows time for the administrator to remedy the issues that are causing the HTTPS errors, because the errors might otherwise prevent decryption from taking place. Because this might result in affected HTTPS traffic being blocked, administrators have 24 hours to correct the issues before any HTTPS traffic is blocked because of the listed errors.
  Administrators can remove these domain tunnels before the 24-hour expiration if they wish to immediately block HTTPS traffic that has not been scanned.
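The matching order described above can be modeled in a few lines. This is an added example, not Trend Micro code: every name in it is hypothetical, fingerprints are treated as opaque strings, and it assumes that a record covers sub-domains of its domain and that exception entries are URL prefixes.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

AUTO_TUNNEL_TTL = timedelta(hours=24)  # auto-tunnel lifetime stated in the text

@dataclass
class TunnelRecord:
    domain: str
    fingerprints: frozenset = frozenset()  # empty: all traffic for the domain
    exceptions: tuple = ()                 # URL prefixes that stay inspected
    expires: Optional[datetime] = None     # None: administrator-added record

def domain_matches(host: str, domain: str) -> bool:
    # Assumption: a record for a domain also covers its sub-domains.
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

def decide(records, host, path, fingerprint, now) -> str:
    """Return 'tunnel' or 'decryption-rules' for one HTTPS request."""
    url = host.lower() + path
    for rec in records:
        if rec.expires is not None and now >= rec.expires:
            continue  # expired auto tunnel no longer applies
        if not domain_matches(host, rec.domain):
            continue
        if rec.fingerprints and fingerprint not in rec.fingerprints:
            continue  # record names fingerprints and this one is not listed
        if any(url.startswith(prefix) for prefix in rec.exceptions):
            return "decryption-rules"  # exception list wins inside a trusted domain
        return "tunnel"
    return "decryption-rules"

def add_auto_tunnel(records, host, fingerprint, now) -> TunnelRecord:
    """Record an auto tunnel for the domain and fingerprint that hit an error."""
    rec = TunnelRecord(host.lower(), frozenset({fingerprint}),
                       expires=now + AUTO_TUNNEL_TTL)
    records.append(rec)
    return rec

def active_auto_tunnels(records, now):
    """Domains currently bypassing inspection through unexpired auto tunnels."""
    return sorted(r.domain for r in records if r.expires and now < r.expires)

if __name__ == "__main__":
    now = datetime(2024, 1, 1, 12, 0)  # constructed sample data
    recs = [TunnelRecord("bank.example", exceptions=("bank.example/upload",))]
    add_auto_tunnel(recs, "legacy.example", "fp-browser-1", now)
    print(decide(recs, "www.bank.example", "/login", "fp-x", now))
    print(active_auto_tunnels(recs, now))
```

The `active_auto_tunnels` helper reflects the review an administrator would do during the 24-hour window: it lists the domains whose traffic is currently passing without being scanned.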