Virtual Secure Web Gateway

  • 1.  SWG SSL Deep Inspection

    Posted Mar 07, 2012 04:18 AM

    Dear All,

    I've deployed SWG in proxy mode at one of our customers. Based on the SWG Implementation Guide, I've set up SWG to decrypt SSL traffic:

    I've set up SSL Deep Inspection Settings:

    • SSL Port: 8443 (default)
    • Maximum SSL Connections: 10240 (default)
    • SSL Certificate: Use default Certificate (default)

    After it I've set up a policy:

    • Applies to: All Computers
    • SSL Inspection policy
    • All Categories: Intercept All

    After that I set up the proxy on a client and tested it. Unfortunately, the HTTPS traffic from eicar.com can be downloaded.

    Do you have any idea where the problem could be?

     

    Thanks in advance!

    Viktor

     



  • 2.  RE: SWG SSL Deep Inspection
    Best Answer

    Posted Mar 07, 2012 05:59 AM

    Hi Viktor,

    Virus scanning happens a bit differently when using the SSL Deep Inspection proxy, and the Web Gateway doesn't display the patience page then block page when a virus is detected but actually streams and corrupts the file when a virus is detected. If you check the Custom Reports at the time you downloaded the file, can you see the file being downloaded and detected by SWG? If you open up Notepad and drag the file into Notepad (regardless of the file type), you should see some text inside the file saying SWG detected the file as a virus.

    Cheers,

    Kevin
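
The check described in the answer above can be scripted. This is an added example, not part of the original thread and not Symantec code: it tests whether a downloaded file still contains the intact EICAR test string and lists the readable text inside it, which is what opening the file in Notepad would show. The notice text in the sample input is constructed; the thread does not quote SWG's actual wording.

```python
import re
import sys

# Standard 68-byte EICAR test string, assembled from two parts so this
# script itself is less likely to be flagged by endpoint antivirus.
EICAR = (b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$"
         + b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*")

def printable_runs(data: bytes, min_len: int = 6) -> list:
    """Return runs of printable ASCII, like the Unix `strings` tool."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]

def check_download(data: bytes) -> dict:
    """Classify a file fetched through the inspecting proxy.

    NOT_BLOCKED        - the EICAR string arrived intact (HTTPS was not scanned)
    ALTERED_IN_TRANSIT - the string is gone; the readable text left in the
                         file should include the gateway's detection notice
    """
    intact = EICAR in data
    return {
        "verdict": "NOT_BLOCKED" if intact else "ALTERED_IN_TRANSIT",
        "size": len(data),
        "text": printable_runs(data),
    }

# Constructed sample: a download cut off mid-stream and overwritten with a
# notice. The notice wording is a placeholder, not SWG's real message.
SAMPLE_ALTERED = (EICAR[:20] + b"\x00\x00\x00"
                  + b"CONSTRUCTED-NOTICE: virus detected by gateway"
                  + b"\x00" * 8)

if __name__ == "__main__":
    # Usage: python check_download.py <downloaded file>
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_ALTERED
    result = check_download(raw)
    print(result["verdict"], f"({result['size']} bytes)")
    for line in result["text"]:
        print("  text:", line)
```

A NOT_BLOCKED verdict should be cross-checked against the Custom Reports entry for the same download time, as the answer suggests.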