cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1765
Views
0
Helpful
1
Replies

WCCP, SSL and noDecrypt

Hello,

I had previously used another Web Security Appliance in an in-line mode and now we have implemented Ironports in a transparent proxy w/ WCCP redirection.  I want to monitor/block SSL websites from a category-only perspective, without any decryption.  How is this configuration possible in my environment?

The documentation indicates there is a "passthrough" capability but also seems to suggest fairly strongly that you still to install a certificate and perform some form of decryption?

Thoughts? thanks.

1 Reply 1

I think you could get way with it by turning off the HTTPS proxy and adding 443 to the ports for the HTTP proxy.   But you'll lose a bunch of functionality that way.  The URL gets encrypted after the SSL connection gets built, so you'll lose the granulartiy that may exist in the categories based on URL.  Also if you don't decrypt, you lose the Dynamic Content engine, and application visibility since that's all in the tunnel, which you don't see.