SWG User Guide
Chapter 20: Enabling HTTPS Scanning
5. When done, click Save.
6. Continue with Defining a Rule in an HTTPS Policy.
Defining a Rule in an HTTPS Policy
If you duplicated a policy, it already has the same rules as were found in the original policy. You can
edit these rules. You can also create new rules from scratch.
You can specify if the rule should be applied to specific users and/or if specific users should be
excluded. One method is by specifying User Lists to which the rule should or should not apply.
To define a rule in an HTTPS policy
1. In the Policy tree, expand the policy so that you display its existing rules. For instructions on displaying the Policy tree, see Step 1 in the procedure Defining an HTTPS Policy.
2. Do any of the following:
   • To edit an existing rule, click the rule in the tree, and then in the main pane, click Edit.
   • To add a rule to a policy that has no rules, or to add a rule to the bottom of the rule list in the policy, right-click the policy and choose Add Rule.
   • To add a rule directly above an existing rule, right-click the existing rule, and select Insert Rule.
   The main window displays the Rule Definition screen. The screen contains three tabs: General, Applies, and Except.
3. Fill in the General tab as follows.
   a. Enter a name for the rule.
   b. Provide a description of the rule. The description is optional.
   c. If the rule has an Enable Rule checkbox, ensure that the checkbox is selected or cleared, depending on whether or not the rule should be enabled after being committed.
   d. Choose the Rule Action as follows. The fields displayed in the rest of the rule vary depending on your selection:
      • To block HTTPS sites, choose Block HTTPS.
      • If user approval is required to decrypt traffic for this site, choose User Approval. This will send an approval page to the end-user for each new HTTPS site that is accessed. If the end-user chooses not to approve the transaction, the connection is closed.
      • If no HTTPS or Security scanning is needed, choose Bypass.
        Note: The Bypass rule must be the first rule in the policy.
      • If scanning is needed, choose Inspect Content, and scanning will be performed first by HTTPS rules and then by Security rules. This is the default value.
   e. If you chose Block HTTPS or User Approval, select the End User Message from the list.
NOTE: If you will be using User Lists to identify users to which the rule should or should not apply, be sure to define those lists. For instructions, see Defining User Lists.
NOTE: Rules in a policy are checked sequentially from the top, and the first rule to be activated in a policy determines the handling of the content. Therefore, the sequential placement of rules in a policy is significant. If no rules fire, the default action is to Inspect Content. For instructions on moving a rule within a policy, see Relocating an Item in a Tree.
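The first-match ordering described in the notes above, modeled as an added example for reviewing a planned rule list before committing it (this is not code from the SWG product). The Rule fields and function names are hypothetical, and the code assumes that an empty Applies tab means everyone, that Except overrides Applies, and that a disabled rule never fires.

```python
# Added illustration: a model of first-match HTTPS rule evaluation.
# Rule fields and function names are hypothetical, not the product's API.
from dataclasses import dataclass, field

DEFAULT_ACTION = "Inspect Content"  # per the guide: applied when no rule fires
ACTIONS = {"Block HTTPS", "User Approval", "Bypass", "Inspect Content"}

@dataclass
class Rule:
    name: str
    action: str
    enabled: bool = True
    applies: set = field(default_factory=set)   # Applies tab user lists (assumed: empty = everyone)
    excepted: set = field(default_factory=set)  # Except tab user lists (assumed: wins over Applies)

    def fires(self, user_lists):
        # Assumption: disabled rules are skipped during evaluation.
        if not self.enabled or user_lists & self.excepted:
            return False
        return not self.applies or bool(user_lists & self.applies)

def evaluate(policy, user_lists):
    """Return (rule name, action) of the first rule that fires, top to bottom."""
    for rule in policy:
        if rule.fires(user_lists):
            return rule.name, rule.action
    return None, DEFAULT_ACTION

def lint(policy):
    """Flag ordering problems worth reviewing before the policy is committed."""
    findings = []
    for i, rule in enumerate(policy):
        if rule.action not in ACTIONS:
            findings.append(f"{rule.name}: unknown action {rule.action!r}")
        if rule.action == "Bypass" and i != 0:
            findings.append(f"{rule.name}: Bypass rule is at position {i + 1}, not first")
        # A rule below an enabled catch-all (no Applies, no Except) can never fire.
        if any(p.enabled and not p.applies and not p.excepted for p in policy[:i]):
            findings.append(f"{rule.name}: unreachable, shadowed by an earlier catch-all rule")
    return findings

# Constructed sample policy and user list names.
POLICY = [
    Rule("block-guests", "Block HTTPS", applies={"Guests"}),
    Rule("bypass-finance", "Bypass", applies={"Finance"}, excepted={"Contractors"}),
    Rule("ask-everyone", "User Approval", enabled=False),
]
```

Running lint(POLICY) reports the misplaced Bypass rule, and evaluate(POLICY, {"Finance", "Contractors"}) shows traffic falling through to the default Inspect Content action.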