Working With Encrypted Data > Enabling SSL support
|
1.
|
2.
|
|
Tunneling when a request returns an Unknown protocol error
|
1.
|
The HTTPS Proxy Server Port is the port used for client to Content Gateway connections. The default is 8080. If traffic is transparent on 443, a default ARM NAT rule readdresses the requests to 8080. See Configure > Networking > ARM: Network Address Translation.
|
2.
|
If Content Gateway is an explicit proxy and you want to allow Skype traffic, enable the Tunnel Skype option. This option is necessary because, although Skype presents an SSL handshake, Skype data flow does not conform to the SSL standard. Unless the traffic is tunneled, the connection is dropped.
|
3.
|
To tunnel HTTPS requests when the SSL handshake results in an unknown protocol error, enable Tunnel Unknown Protocols.
|
|
When Content Gateway is an explicit proxy, a URL lookup is performed and policy is applied before the SSL connection request is made. Transactions are logged as usual.
|
|
When Content Gateway is a transparent proxy, if there is an SNI in the request, Content Gateway gets the hostname from the SNI and performs URL filtering based on the hostname. Otherwise, when Content Gateway sends the connect to the server, the unknown protocol error causes the request to be tunneled without the proxy being aware of it; no transaction is logged.
|
Working With Encrypted Data > Enabling SSL support
|