How SSL Deep Inspection differs from SSL Domain Level Inspection

Article:HOWTO54200  |  Created: 2011-06-08  |  Updated: 2011-06-08  |  Article URL http://www.symantec.com/docs/HOWTO54200
Article Type: How To



Table: Differences between SSL Domain Level Inspection and SSL Deep Inspection describes how SSL Domain Level Inspection differs from SSL Deep Inspection.

Table: Differences between SSL Domain Level Inspection and SSL Deep Inspection

SSL Domain Level Inspection:

Symantec Web Gateway reports access to Web sites and blocks them by domain (for example, https://foo.com) or IP address. But it cannot report or inspect full URLs. Nor can it report or inspect file transfers, malware, or any data in the stream, such as the content it forwards to Symantec Web Prevent (Symantec DLP server).

SSL Domain Level Inspection occurs when you do either of the following:

  • Send HTTPS traffic to the Symantec Web Gateway HTTP/S proxy.

  • Send HTTPS traffic to the SSL Deep Inspection Proxy and have no policy that intercepts the HTTPS traffic.

Note:

The custom blacklist is not supported over HTTPS.

SSL Deep Inspection:

Symantec Web Gateway reports access to Web sites and blocks them by domain, and it can inspect all of the traffic in the traffic stream. This inspection includes full URLs and file inspections. It also includes the content that it forwards to Symantec Web Prevent.

Only the SSL Deep Inspection proxy can intercept HTTPS traffic and decrypt the traffic to read the contents. Symantec Web Gateway disables the ability to intercept HTTPS traffic by default. But you can enable it through the use of policies.

See Configuring the Symantec Web Gateway proxy for SSL Deep Inspection.

See Configuring policies for SSL Deep Inspection.

You can enable the HTTP/S proxy and the SSL Deep Inspection proxy at the same time. Based on your configuration, you can route HTTPS traffic from the network to either or both proxies. You can configure each individual computer on the corporate network to send HTTPS traffic to Symantec Web Gateway HTTP/S proxy or to the SSL Deep Inspection proxy. You can configure some computers to send traffic through one proxy while other computers send traffic to the other.

The following is a simple use case scenario:

An IT administrator sets up the Symantec Web Gateway proxy to protect Group A and Group B. Group B requires a higher level of security, so the administrator wants to ensure that Symantec Web Gateway decrypts and inspects all of the contents of this traffic. But for privacy and legal purposes, the administrator does not want to decrypt or inspect Group A's or Group B's financial transactions. So the administrator creates an SSL policy that intercepts all HTTPS traffic except for the traffic that goes to financial institutions.

The administrator creates corporate policies with a PAC file or other configuration settings to ensure that:

  • Group A and Group B HTTP traffic goes to the Symantec Web Gateway HTTP/S proxy.

  • Group A HTTPS traffic goes to the Symantec Web Gateway HTTP/S proxy.

    In this scenario, SSL Domain Level Inspection occurs.

  • Group B HTTPS traffic goes to the SSL Deep Inspection proxy.

    Per the policy, SSL Deep Inspection occurs except for the HTTPS traffic to financial institutions.
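A PAC file that implements the routing listed above, as an added example that is not part of the original article. The proxy host name, ports and the Group B subnet are assumptions; the exception for financial institutions is enforced by the SSL policy on the gateway, not by the PAC file.

```javascript
// Added example PAC file. Host name, ports and subnet are assumed values.
var HTTPS_PROXY = "PROXY swg.example.internal:8080"; // HTTP/S proxy (assumed)
var DEEP_PROXY = "PROXY swg.example.internal:8443";  // SSL Deep Inspection proxy (assumed)
var GROUP_B_NET = { addr: "10.20.0.0", mask: "255.255.0.0" }; // Group B subnet (assumed)

// Browsers supply myIpAddress() and isInNet(). The shims below exist only so
// the file can be exercised outside a browser (for example under Node).
function ipToInt(ip) {
  return ip.split(".").reduce(function (acc, octet) {
    return acc * 256 + Number(octet);
  }, 0);
}
if (typeof globalThis.isInNet !== "function") {
  globalThis.isInNet = function (ip, net, mask) {
    var m = ipToInt(mask);
    return ((ipToInt(ip) & m) >>> 0) === ((ipToInt(net) & m) >>> 0);
  };
}
if (typeof globalThis.myIpAddress !== "function") {
  globalThis.myIpAddress = function () { return "127.0.0.1"; };
}

function FindProxyForURL(url, host) {
  var isHttps = url.substring(0, 6) === "https:";
  var inGroupB = isInNet(myIpAddress(), GROUP_B_NET.addr, GROUP_B_NET.mask);

  // Group B HTTPS goes to the SSL Deep Inspection proxy, where the SSL
  // policy decides what is intercepted and what is exempt.
  if (isHttps && inGroupB) {
    return DEEP_PROXY;
  }
  // Group A HTTPS (domain level inspection only) and all HTTP traffic go to
  // the HTTP/S proxy. No "DIRECT" fallback is listed, so a client cannot
  // bypass the gateway when a proxy is unreachable.
  return HTTPS_PROXY;
}
```

Browsers may pass only the scheme and host of an HTTPS URL to the PAC function, which is why the routing decision uses nothing but the scheme and the client address.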

Table: Use case scenarios describes what occurs when users in each group attempt to access certain Web sites.

Table: Use case scenarios

Scenario: A user from Group A or Group B goes to http://blacklisted_domain.com

Result:

  • Symantec Web Gateway blocks this traffic.

  • Symantec Web Gateway reports that this user was blocked from going to http://blacklisted_domain.com.

Scenario: A user from Group A or Group B goes to https://blacklisted_domain.com

Result:

  • Symantec Web Gateway blocks this traffic.

  • Symantec Web Gateway reports that this user was blocked from going to https://blacklisted_domain.com.

Scenario: A user from Group A or Group B tries to download a virus from http://site_with_virus.com/virus_file.exe/

Result:

  • Symantec Web Gateway inspects the file and blocks the virus download.

  • Symantec Web Gateway reports that the virus was blocked from being downloaded from http://site_with_virus.com/virus_file.exe/.

Scenario: A user from Group A tries to download a virus from https://site_with_virus.com/virus_file.exe/

Result:

  • Symantec Web Gateway does not block the virus.

  • Symantec Web Gateway reports that the user went to https://site_with_virus.com/.

Scenario: A user from Group B tries to download a virus from https://site_with_virus.com/virus_file.exe/

Result:

  • Symantec Web Gateway inspects the file and blocks the virus download.

  • Symantec Web Gateway reports that the virus was blocked from being downloaded from https://site_with_virus.com/virus_file.exe/.

Scenario: A user from Group A tries to download a financial statement text file from https://my_bank.com/monthly_statement.txt

Result:

  • Symantec Web Gateway reports that the user went to https://my_bank.com/.

  • Symantec Web Gateway does not inspect the file.

Scenario: A user from Group B tries to download a financial statement text file from https://my_bank.com/monthly_statement.txt

Result:

  • Symantec Web Gateway reports that the user went to https://my_bank.com.

  • Symantec Web Gateway does not inspect the file.


Legacy ID: v57233063_v58977240

