HTTPS Inspection Rules

Define rules to decrypt HTTPS traffic from selected URL categories to apply configured secure access rules in the same way as HTTP traffic.

Action

Description

Add an HTTPS inspection rule

For more information, see Adding an HTTPS Inspection Rule.

Check an HTTPS inspection rule

  • View the basic information about an HTTPS inspection rule.

    Note:

    Trend Vision One automatically creates a default rule to decrypt all HTTPS traffic initiated from any location. When enabled, the default rule applies whenever no other HTTPS inspection rules are matched. The default rule always has the lowest priority and cannot be deleted.

Configure an HTTPS inspection rule

  • To change the basic information about an HTTPS inspection rule, click in the Action column.

  • To duplicate an HTTPS inspection rule, click in the Action column. This provides a convenient way of adding a new inspection rule with settings similar to an existing rule.

  • To delete an HTTPS inspection rule from Trend Vision One, click in the Action column .

    To delete more than one HTTPS inspection rule, select the rules and click Delete in the upper left.

Configure a default CA certificate for the Internet Acces Cloud or On-Premises Gateway to decrypt HTTPS traffic

  1. Click the Settings gear icon in the upper right.

  2. Determine and configure the default CA certificate that automatically applies to HTTPS inspection rules.

    • Built-in CA certificate provided by Internet Access: Download the certificate from the console and deploy it to the browsers of your users.

      Note:

      • The built-in CA certificate is not signed by a trusted CA on the internet. To avoid certificate warnings on browsers when users access HTTPS websites, make sure that you deploy the built-in CA certificate to the supported browsers.

      • Internet Access provides different built-in certificates for the cloud gateway and on-premises gateways.

    • Your own CA certificate: Cross-sign your organization's CA certificate and upload the cross-signed certificate to the console.

    To reset the default certificate, click Reset to Built-in Certificate.

  3. Click Save.

You can choose to use another CA certificate when configuring an HTTPS inspection rule.

Pass HTTPS requests to web servers when decryption fails

Select whether to allow your users to access HTTPS content when the Internet Access Gateway fails to decrypt HTTPS traffic for some reason.

  1. Click the Settings gear icon in the upper right.

  2. On the Bypass Mode tab, click the toggle under Pass HTTPS requests to web servers when decryption fails to enable this feature.

  3. Click Save.
  • Adding an HTTPS Inspection Rule
    Create an HTTPS inspection rule to decrypt content of specified URL categories, and apply the rule to selected locations.
  • Cross-Signing a CA Certificate
    Cross-sign your CA certificate with the Certificate Signing Request (CSR) file provided by Internet Access for use by Internet Access Gateways.
  • Deploying the Built-in CA Certificate
    Deploy the Internet Access built-in CA certificate for the Internet Access Cloud or On-Premises Gateway to use on supported browsers to avoid certificate warnings when users visit HTTPS websites.
Parent topic: HTTPS Inspection