Virtual Secure Web Gateway

 View Only

  • 1.  SWG SSL Filtering ( inline+Proxy)

    Posted Mar 27, 2014 10:21 AM

    Hello all. I am deploying Virtual SWG in my envoirement and I need to implement the following functionality.

    I need to filter some HTTPS URLs not the whole domain via SSL deep inspection through inline + proxy mode in the virtual envoirement. for example if I want to filter some specific URLs within youtube ( not the whole website)  which is using HTTPS how can this be achieved in this mode ? How to display blocked pages for HTTPS website sfor users ?

    what policies do I need to configure ? Secondly in inline + proxy mode do i need to configure my inline IP address within User's browsers ? or will it be transparent for the users ?

    What mechanism does SWG use for decrypting the SSL traffic from the users ? does it download certificates of the webistes from internet which users are accessing ?

    Regards,



  • 2.  RE: SWG SSL Filtering ( inline+Proxy)

    Posted Mar 27, 2014 11:00 AM

    Any 1 help ?



  • 3.  RE: SWG SSL Filtering ( inline+Proxy)

    Posted Mar 28, 2014 12:58 AM

    would anyone like to comment on this ?



  • 4.  RE: SWG SSL Filtering ( inline+Proxy)

    Posted Mar 28, 2014 01:03 AM

    Hello Outrageous,

    I am not SWG expert but provide some of articles if help you.

    Can SWG Block an HTTPS address?

    Article:TECH98131 | Created: 2009-01-16 | Updated: 2011-09-23 | Article URL http://www.symantec.com/docs/TECH98131

    Symantec Web Gateway (SWG) considerations and behavior when an external proxy is used

    Article:TECH178689 | Created: 2012-01-11 | Updated: 2012-01-12 | Article URL http://www.symantec.com/docs/TECH178689

    How SSL Deep Inspection differs from SSL Domain Level Inspection

    Article:HOWTO54200 | Created: 2011-06-08 | Updated: 2011-06-08 | Article URL http://www.symantec.com/docs/HOWTO54200

    Please see this thread

    https://www-secure.symantec.com/connect/forums/webgateway-inline-mode-https



  • 5.  RE: SWG SSL Filtering ( inline+Proxy)

    Posted Mar 28, 2014 01:10 AM

    Thanks James, I have already read those articales but I am looking for some specific solution what are not addressed them. Regards,



  • 6.  RE: SWG SSL Filtering ( inline+Proxy)
    Best Answer

    Posted Mar 28, 2014 06:29 AM

    Sooooo, in order to block specific parts of a SSL encrypted site, you must be using SSL Deep Insepction.  More info on SSL Deep Inspection can be found below (with further useful links inside this article):

    http://www.symantec.com/docs/HOWTO54180

    Essentially though (in bullet points):

    • SWG must in proxy mode
    • Enable SSL Deep Inspection
    • Download SWG's cert and distribute to clients
    • Configure clients to use SWG's LAN/WAN IP address and ports (for https and http respectively) as proxy via GPO/PAC/WPAD/whatever
    • Configure SWG Policy for SSL Deep Inspection Inteception
    • Configure SWG Policy for filtering (with a lower priority)

    As far as blocking pages go, the below articles are quite handy:
    http://www.symantec.com/docs/TECH175244
    http://www.symantec.com/docs/TECH206412

    And to answer your final question, the whole SSL Deep Inspection process works in a man-in-the-middle scenario.  Clients create a SSL connection to the SWG, the SWG creates a SSL connection to the external website.



    • 7.  RE: SWG SSL Filtering ( inline+Proxy)

      Posted Apr 14, 2014 06:07 AM

      Any Symantec Employee would please like to comment on this ? Regards



    • 8.  RE: SWG SSL Filtering ( inline+Proxy)

      Posted Apr 27, 2014 09:50 AM

      Thanks for your help SM , issue is resloved now :) Regards