11-04-2014 06:48 AM
Hi there,
Probably a very simple question, yet I don't have a WSA for my labs, so here is the situation:
I'd like to block some users from downloading attachments on the webmail portals (like yahoo and gmail), yet allowing them to send normal text-only emails. From what I know of Ironports and WSA data sheets this is something those appliances are perfectly capable of.
My question is: could someone explain to me how they handle those webmail-policies since most webmailer portals are operating on https?
A deeper insight from someone with hands-on experience would be lovely, since that has become a question of data integrity on my end ;-)
Thank you very much!
11-04-2014 09:05 AM
To catch the HTTPS traffic, you implement the HTTPS proxy (it's on the box). Since it's a proxy, there are 2 SSL conversations happening, one from the WSA to the web site, and one between the client and the WSA.
Attached is a Cisco doc that shows you how to set it up.
The "hard part" is deciding how you'll do the cert on the client side. You can either take the WSA's demo cert and get all of your clients to trust it. Or get a cert all of your clients trust and put it on the WSA (easy way to do this is with a MS Enterprise Cert server). There are other discussions in this forum about that...
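
The client-side trust decision described in this answer, as an added lab example (not part of the original post or of Cisco's documentation): it uses the `openssl` CLI to model a proxy signing CA, a leaf certificate issued for a webmail host on the client-facing session, and two client trust stores. The hostname, subjects and file names are constructed for the lab.

```shell
#!/bin/sh
# Constructed lab PKI: every name, subject and path here is made up.

make_lab_pki() {   # $1 = work dir, $2 = webmail hostname
    dir=$1; host=$2
    cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign
EOF
    # CA the proxy signs with, plus an unrelated CA to model a client that lacks it.
    for ca in proxy-ca other-ca; do
        openssl req -x509 -config "$dir/ca.cnf" -newkey rsa:2048 -nodes -days 30 \
            -subj "/O=Example Lab/CN=$ca" \
            -keyout "$dir/$ca.key" -out "$dir/$ca.pem" 2>/dev/null || return 1
    done
    # Leaf for the webmail host, signed by the proxy CA (client-facing session).
    printf 'subjectAltName=DNS:%s\n' "$host" > "$dir/san.ext"
    openssl req -new -config "$dir/ca.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=$host" -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/proxy-ca.pem" \
        -CAkey "$dir/proxy-ca.key" -set_serial 1001 -days 7 \
        -extfile "$dir/san.ext" -out "$dir/leaf.pem" 2>/dev/null
}

client_trusts() {  # $1 = client trust store, $2 = leaf cert, $3 = hostname
    openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

# Demo: same leaf, checked by a client with and without the proxy CA installed.
if d=$(mktemp -d) && make_lab_pki "$d" mail.example.test; then
    for store in proxy-ca other-ca; do
        client_trusts "$d/$store.pem" "$d/leaf.pem" mail.example.test \
            && echo "$store in trust store: accepted" \
            || echo "$store in trust store: certificate error"
    done
    rm -rf "$d"
fi
```

A client whose trust store lacks the signing CA rejects the certificate, which is why the CA has to be distributed to every client before decryption is switched on.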
11-06-2014 05:31 AM
Thank you very much, that PDF helped quite a lot!