Why decrypt?

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-13-2016 09:19 PM
If we're strictly doing web filtering and the appliance can still detect and filter HTTPS sites with SSL inspection off, why would we want to decrypt? Solely for the extra granularity like blocking facebook games and such?
- Labels:
-
Web Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-14-2016 05:17 AM
One example could be that AMP on the WSA finds malicious downloads that your desktop AV would miss. Or Data loss prevention that you can inspect what your users are uploading to cloud-services.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-14-2016 05:21 PM
Another case is for user authentication, Here are the options in WSA HTTPs Proxy configuration.
Decrypt for Authentication: |
Enabled |
Decrypt for End-User Notification: |
Enabled |
Decrypt for End-User Acknowledgement: |
Enabled |
Decrypt for Application Detection: |
Disabled |
