cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1078
Views
0
Helpful
2
Replies

transparent wsa and https traffic

mulhollandm
Level 1
Level 1

folks

 

i've deploying a S300V in transparent mode and using wccp

 

i have a single policy allowing http and https

 

http works fine but https doesn't

 

i can see both sets of requests go out through my outer firewalls but the https handshake doesn't get past the client hello

 

the VM is being used on a guest wifi network so clients won't be authenticated, won't have a common root certificate and i don't want to decrypt traffic

 

tac are telling me i need to enable the https proxy but i can't as clients won't have the root certificate required

 

do i need to use https proxy?

 

thanks to anyone taking the time to reply

 

2 Replies 2

You still have to use the https proxy if you're going to use HTTPS, even if you're not going to decrypt.  If it doesn't decrypt, it passes through the certs from the site, so your users shouldn't see an issue. (I haven't tested this so I won't guarentee it...)

 

Ken,

 

If I dont to decrypt HTTPS but still want the traffic to be inspected for URL and web reputation, do I need to upload a root certificate still? I would have assume not as I do not want to decrypt HTTPS but the GUI doesn't allow me to enal HTTPS Proxy without uploading a certificate; basically I cannot "Enable HTTPS Proxy" and submit without a cert.

 

Basically what I just want to do is just pass through the HTTPS traffic to be check against the Access policies that the HTTP is being checked against.

 

Is this viable? If so can you let me know how I can achieve the above?

 

Thanks