Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1733
Views
0
Helpful
1
Replies

WCCP, SSL and noDecrypt

christopherhudel
Level 1
Level 1

‎09-22-2011 01:33 PM

Hello,

I had previously used another Web Security Appliance in an in-line mode and now we have implemented Ironports in a transparent proxy w/ WCCP redirection.  I want to monitor/block SSL websites from a category-only perspective, without any decryption.  How is this configuration possible in my environment?

The documentation indicates there is a "passthrough" capability but also seems to suggest fairly strongly that you still to install a certificate and perform some form of decryption?

Thoughts? thanks.

Labels:
0 Helpful
1 Reply 1

Ken Stieers
VIP
VIP

‎09-22-2011 08:54 PM

I think you could get way with it by turning off the HTTPS proxy and adding 443 to the ports for the HTTP proxy.   But you'll lose a bunch of functionality that way.  The URL gets encrypted after the SSL connection gets built, so you'll lose the granulartiy that may exist in the categories based on URL.  Also if you don't decrypt, you lose the Dynamic Content engine, and application visibility since that's all in the tunnel, which you don't see.

0 Helpful
Customers Also Viewed These Support Documents