How SSL Deep Inspection differs from SSL Domain Level Inspection
|Article:HOWTO54200|||||Created: 2011-06-08|||||Updated: 2011-06-08|||||Article URL http://www.symantec.com/docs/HOWTO54200|
Table: Differences between SSL Domain Level Inspection and SSL Deep Inspection describes how SSL Domain Level Inspection differs from SSL Deep Inspection.
Table: Differences between SSL Domain Level Inspection and SSL Deep Inspection
You can enable the HTTP/S proxy and the SSL Deep Inspection proxy at the same time. Based on your configuration, you can route HTTPS traffic from the network to either or both proxies. You can configure each individual computer on the corporate network to send HTTPS traffic to Symantec Web Gateway HTTP/S proxy or to the SSL Deep Inspection proxy. You can configure some computers to send traffic through one proxy while other computers send traffic to the other.
IT administrator sets up the Symantec Web Gateway proxy to protect Group A and Group B. Group B requires a higher level of security. So the administrator wants to ensure that Symantec Web Gateway decrypts and inspects all of the contents of this traffic. But the administrator does not want to decrypt or inspect Group A's or Group B's financial transactions for privacy purposes and legal purposes. So the administrator creates an SSL policy that intercepts all HTTPS traffic except for the traffic that goes to financial institutions.
The administrator creates corporate policies with a PAC file or other configuration settings to ensure that:
Table: Use case scenarios describes what occurs when users in each group attempt to access certain Web sites.
Table: Use case scenarios
A user from Group A or Group B goes to http://blacklisted_domain.com
A user from Group A or Group B goes to https://blacklisted_domain.com
A user from Group A or Group B tries to download a virus from http://site_with_virus.com/virus_file.exe/
A user from Group A tries to download a virus from https://site_with_virus.com/virus _file.exe/
A user from Group B tries to download a virus from https://site_with_virus.com/virus_file.exe/
A user from Group A tries to download a financial statement text file from https://my_bank.com/monthly_statement.txt
A user from Group B tries to download a financial statement text file from https://my_bank.com/monthly_statement.txt
Article URL http://www.symantec.com/docs/HOWTO54200