HTTPS tunnels can be used to communicate between network locations with restricted connectivity, usually locations behind NATs, firewalls, or proxy servers. Restricted connectivity is usually the result of blocked TCP/IP ports, blocked traffic initiated from outside the network, or the blocking of most network protocols. The extent of the restriction depends on how the network is locked down to secure it against internal and external threats.
Similar to an Approved URLs list, TMWS allows administrators to maintain a list of trusted domains or URLs whose HTTPS traffic will not be subject to TMWS policy rules and will always be accessible by end users without being decrypted and inspected by TMWS.
TMWS also provides an exception list that lets administrators add specific pages, links, or subdomains within the trusted domains that they do not want to tunnel. URLs that match the exception list are subject to the configured TMWS policy rules for subsequent inspection.
Before configuring HTTPS tunnels, ensure that Enable HTTPS tunneling under Global Settings is set to On.
The domains or keywords are added in the Tunneled Domains List or Exceptions List, together with the date and time when each domain was added.
All the matched URLs in the exception list are subject to the configured TMWS policy rules for subsequent inspection.
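The precedence between the two lists can be checked against planned entries before they are saved. The following is an added example, not TMWS code: it models exception entries overriding tunneled domains. The matching rules (DNS label-boundary match for domains, path-prefix match for pages), the function names, and the sample entries are assumptions, not documented TMWS behavior.

```python
from urllib.parse import urlsplit

def _host_matches(host, domain):
    # Assumption: match on a DNS label boundary, so "bank.example" covers
    # "files.bank.example" but not "notbank.example".
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def _exception_matches(host, path, entry):
    # Assumption: an entry is "host" (a subdomain) or "host/path" (a page or link).
    e_host, _, e_path = entry.partition("/")
    if not _host_matches(host, e_host):
        return False
    if not e_path:
        return True
    prefix = "/" + e_path.rstrip("/")
    return path == prefix or path.startswith(prefix + "/")

def decide(url, tunneled, exceptions):
    """Return 'tunnel' (not decrypted) or 'inspect' (policy rules apply)."""
    parts = urlsplit(url)
    host, path = parts.hostname or "", parts.path or "/"
    if not any(_host_matches(host, d) for d in tunneled):
        return "inspect"   # not a trusted domain: normal policy handling
    if any(_exception_matches(host, path, e) for e in exceptions):
        return "inspect"   # carved out of a trusted domain by the exception list
    return "tunnel"        # trusted and not excepted: passed through undecrypted

# Constructed sample lists and URLs (not real TMWS configuration).
TUNNELED = ["bank.example"]
EXCEPTIONS = ["files.bank.example", "bank.example/uploads"]
SAMPLES = [
    "https://bank.example/login",
    "https://files.bank.example/doc",
    "https://bank.example/uploads/report.pdf",
    "https://bank.example/uploads2",
    "https://notbank.example/",
]

def audit(urls=SAMPLES):
    # Map each URL to the handling it would receive under the planned lists.
    return {u: decide(u, TUNNELED, EXCEPTIONS) for u in urls}

if __name__ == "__main__":
    for url, verdict in audit().items():
        print(f"{verdict:8} {url}")
```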
HTTPS decryption may fail because of an unsuccessful SSL handshake or an unexpected disconnection from the web server. In this case, choose to add the corresponding domains or URLs to the Tunneled Domains List or Exceptions List to allow their HTTPS traffic to be automatically tunneled and passed to end users or to follow the configured TMWS policy rules for inspection.
Failed HTTPS access attempts can be tracked and recorded. Logs can be queried by time and domain.
The domain information appears.
| Task | Details |
|---|---|
| View details on the failed HTTPS accesses | Click the domain or URL under Domain Name. |
| Add the domain or URL to the Tunneled Domains List or Exceptions List | If the HTTPS traffic from a domain or URL fails to be decrypted due to TMWS errors, it is automatically added to the Tunneled Domains List for a certain time period, during which the HTTPS traffic will not be decrypted. |