HTTPS Decryption Policy: Add Policy

HTTP > HTTPS Decryption > Policies > Add  

• Enable policy—Enable or disable the individual policy.

• Note: If you have policies disabled at the global level (through HTTP > HTTPS Decryption > Policies), the enabled status of an individual policy will be ignored.

• Policy name—Type a brief but descriptive name for the policy rule. Names must be unique, and will appear in the list of policies that appears when you click HTTP > HTTPS Decryption> Policies.

• Identification—Specify to whom the policy applies. If LDAP is enabled in the User Identification page, enter the LDAP User or Group name. Otherwise, type an IP address, a range of IP addresses, or specify the host name. MORE>>

  Important: Before choosing a Hostname, you need to prepare all clients on the LAN by running the following program on each client:

  /usr/iwss/bin/register_user_agent_header.exe

  This can be done by adding it to your Windows domain login script (or by creating one only for this purpose).

• Warning: In proxy mode, IWSVA applies HTTPS decryption policies based on the client's browser domain. However in transparency mode, because IWSVA is unable to obtain client domain information, IWSVA applies HTTPS decryption policies based on the CommonName in the server certificate received.

  Important: Before choosing Host name, you need to prepare all clients on the LAN by running the following program on each client:
  
  /Program Files/Trend Micro/IWSVA/HTTP/register_user_agent_header.exe
  
  This can be done by adding it to your Windows domain log in script (or creating one for just this purpose).

See also:

• HTTPS Decryption Policy Lists
• Decryption Rules
• Exceptions