SWG SSL Deep Inspection

Created: 07 Mar 2012 • Updated: 07 Mar 2012 | 1 comment
viktor.nagy
This issue has been solved. See solution.

Dear All,

I've deployed SWG in proxy mode at one of our customers. Based on the SWG Implementation Guide, I've set up SWG to decrypt SSL traffic:

I've set up SSL Deep Inspection Settings:

  • SSL Port: 8443 (default)
  • Maximum SSL Connections: 10240 (default)
  • SSL Certificate: Use default Certificate (default)

After that I set up a policy:

  • Applies to: All Computers
  • SSL Inspection policy
  • All Categories: Intercept All

After that I set up the proxy on a client and tested it. Unfortunately, the HTTPS traffic from eicar.com can be downloaded.

Do you have any idea where the problem could be?

Thanks in advance!

Viktor


KevK76

Hi Viktor,

Virus scanning happens a bit differently when using the SSL Deep Inspection proxy: the Web Gateway doesn't display the patience page and then the block page when a virus is detected, but actually streams and corrupts the file when a virus is detected. If you check the Custom Reports at the time you downloaded the file, can you see the file being downloaded and detected by SWG? If you open up Notepad and drag the file into Notepad (regardless of the file type), you should see some text inside the file saying SWG detected the file as a virus.

Cheers,

Kevin

SOLUTION