Purpose: Configure HTTPS profiles to identify IPv4 HTTPS traffic and exclude specific URL categories from IPv4 HTTPS inspection.
Location: Policies > SECURITY PROFILES > Security Profiles > HTTPS
The default ports are 443 and 8443. HTTPS traffic with a destination port from this list is decrypted and scanned.
When enabled, if Cloud Edge cannot decrypt website traffic on the first visit, the website is put into an approved list and subsequent traffic is not decrypted and scanned. The web page, including pictures and CSS, is shown. There is a risk that this might bypass scanning of malicious websites.
When disabled (the default), the user can continue to the website by choosing in the browser to trust the Cloud Edge certificate, and Cloud Edge then displays the web page. Pictures and CSS files are not shown.
Supported on Cloud Edge 6.0 SP1 and later gateways.
URL Category Exceptions and Source Address Exceptions have higher priority than Auto Smart Bypass.
When disabled (the default), Cloud Edge generates a warning if the secured website's server certificate is invalid. The user must choose in the browser warning whether to proceed to the website.
When enabled, Cloud Edge automatically trusts a certificate even if it is not valid. The user does not see the browser warning for the invalid certificate and cannot see the certificate details. The user has no chance to decide whether to visit the secured website and always goes to the site without any prompt. A user could visit a malicious website and be infected without notice if Cloud Edge scanning does not find the attack.
See URL Category Groups.
Source address exceptions bypass HTTPS traffic inspection and allow endpoints access to all HTTPS traffic from those addresses.
HTTPS inspection is performed only on IPv4 traffic. IPv6 traffic is not decrypted and scanned. IPv6 HTTPS traffic passes through to the endpoints without scanning.
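The settings above leave several classes of HTTPS traffic undecrypted. The following added example (not Cloud Edge code or output) labels each flow in a constructed list with the reason it would escape inspection, so the coverage gaps of a profile can be reviewed. The record fields, the profile layout, the treatment of the approved list as belonging to Auto Smart Bypass, and the ordering of the IPv6 and port checks are assumptions; only the default ports and the precedence of exceptions over Auto Smart Bypass come from the page.

```python
import ipaddress
from collections import Counter

# Constructed profile. Only ports 443 and 8443 come from the page;
# the exception entries and host names are made-up sample values.
PROFILE = {
    "ports": {443, 8443},
    "source_exceptions": ["10.20.0.0/24"],
    "category_exceptions": {"Financial Services"},
    "auto_bypass_hosts": {"pinned.example.test"},  # assumed approved list
}

# Constructed flow records (hypothetical field names).
SAMPLE_FLOWS = [
    {"src": "192.168.1.5", "dport": 443, "host": "news.example.test", "category": "News"},
    {"src": "2001:db8::15", "dport": 443, "host": "news.example.test", "category": "News"},
    {"src": "192.168.1.5", "dport": 9443, "host": "admin.example.test", "category": "Business"},
    {"src": "10.20.0.7", "dport": 443, "host": "pinned.example.test", "category": "Business"},
    {"src": "192.168.1.9", "dport": 8443, "host": "bank.example.test", "category": "Financial Services"},
    {"src": "192.168.1.9", "dport": 443, "host": "pinned.example.test", "category": "Business"},
]

def inspection_gap(flow, profile=PROFILE):
    """Return None if the flow would be decrypted and scanned,
    otherwise a short reason why it is not."""
    src = ipaddress.ip_address(flow["src"])
    if src.version == 6:
        return "ipv6-not-inspected"        # inspection is IPv4 only
    if flow["dport"] not in profile["ports"]:
        return "port-not-in-profile"       # not identified as HTTPS
    nets = [ipaddress.ip_network(n) for n in profile["source_exceptions"]]
    if any(src in net for net in nets):
        return "source-address-exception"
    if flow.get("category") in profile["category_exceptions"]:
        return "url-category-exception"
    # Exceptions are checked first: they outrank Auto Smart Bypass.
    if flow.get("host") in profile["auto_bypass_hosts"]:
        return "auto-smart-bypass"
    return None

def coverage_report(flows, profile=PROFILE):
    """Count flows per outcome so uninspected classes stand out."""
    return Counter(inspection_gap(f, profile) or "inspected" for f in flows)

if __name__ == "__main__":
    for reason, count in coverage_report(SAMPLE_FLOWS).items():
        print(f"{reason}: {count}")
```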