Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Content Gateway Analysis > SSL decryption bypass
SSL decryption bypass
Web Security Help | Web Security Solutions | Version 7.8.x
When SSL support is enabled in Content Gateway to manage encrypted traffic:
*
*
*
 
Note 
Category settings
For Category settings, a predefined Privacy Category group includes categories that may be subject to regulatory requirements.
Default privacy categories include:
*
*
*
*
*
*
Traffic that involves websites in these categories may include personal identification information that should not be decrypted. In order to avoid liability for inspecting this type of information, you may want to specify some or all of these categories for decryption bypass. End users can determine that the website they are viewing is not decrypted by verifying that the certificate is the original for that site.
Use the Settings > Scanning > SSL Decryption Bypass page to select the default privacy categories for SSL decryption bypass:
1.
Click the Select Privacy Categories button. Check boxes for the website categories that constitute the default group are selected in the Category Bypass box.
2.
You can create your own set of categories for SSL decryption bypass. On the SSL Decryption Bypass page, specify individual website categories for which decryption is not performed:
1.
2.
To clear your selections from the category tree, click the Clear All button.
To remove a category or subcategory from the list, select the category and click the Remove button.
Client list
To identify a client IP address or IP address range for SSL decryption bypass:
1.
Click Add and enter the client IP address or IP address range in the Add Client Entry box, one entry per line.
When specifying an IP address range, use a "-" (hyphen) to separate the first address from the last.
Prior to 7.8.4, IPv6 addresses are valid with explicit proxy traffic only.
2.
3.
Click OK to add the entries to the list.
To modify an entry, click on the IP address and modify the entry in the Edit Client Entry box. Click OK to save your changes or Cancel to close the dialog box without saving your changes.
To remove an entry from the list, select the check box adjacent to the entry and click Delete. Confirm the action.
When you are finished, click OK to cache your changes.
Changes are not implemented until you click Save and Deploy.
Destination list
To specify a destination hostname, IP address, or IP address range for SSL decryption bypass:
1.
Click Add and enter the hostname, IP address, or IP address range in the Add Destination Entry box, one entry per line. For example: thissite.com.
*
*
*
*
*
*
2.
3.
Click OK to add the entries to the list.
To modify an entry, click on the hostname or IP address and modify the entry in the Edit Destination Entry dialog box. Click OK to save your changes or Cancel to close the dialog box without saving your changes.
To remove an entry, select the check box adjacent to the entry and click Delete. Confirm the action.
When you are finished, click OK to cache your changes.
Changes are not implemented until you click Save and Deploy.
 

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Content Gateway Analysis > SSL decryption bypass
Copyright 2016 Forcepoint LLC. All rights reserved.