Adding an HTTPS Inspection Rule

Create an HTTPS inspection rule to decrypt content of specified URL categories, and apply the rule to selected locations.

  1. Go to Zero Trust Secure Access > Secure Access Configuration > Internet Access Configuration.
  2. Click the HTTPS Inspection tab.
  3. Click Add.
  4. Specify a Rule name and a Description.
  5. Automatically activate the HTTPS inspection rule by enabling the Status toggle.
  6. Configure Locations by selecting one of the following:

    • All locations: The rule affects users from all gateways, IP addresses, and geographic locations.

    • Selected locations: The rule only affects users located at specified corporate network locations or public/home network locations with specified IP addresses or geographic regions.

    For more information, see Internet Access Gateways and Corporate Network Locations.

  7. Select the URLs that the rule applies to.

    (Optional) Click Add Custom URL Category to specify new Custom URL Categories.

  8. (Optional) Click Manage Inspection Exceptions to exclude HTTPS requests towards certain domains from being inspected by the Internet Access Gateway. For more information, see Inspection Exceptions.
  9. Click the Certificate tab.

    The default CA certificate configured for the Internet Access Cloud and On-Premises Gateway on the Manage Default Certificate screen automatically loads.

  10. (Optional) If you want to use another CA certificate in the current rule, perform the following steps:
    1. Click Custom certificate under the desired gateway type.
    2. Cross-sign your CA certificate with the CSR file specific for the gateway type.
    3. Click Upload Custom Certificate and upload the cross-signed CA certificate to the console.
  11. Click Save.
Parent topic: HTTPS Inspection Rules