Content Filtering and Optimizing Scans
215
ProSecure Unified Threat Management (UTM) Appliance
Configure HTTPS (SSL) Scanning
HTTPS traffic is encrypted traffic that cannot be scanned or the data stream would not be
secure. However, the UTM can scan HTTPS traffic that is transmitted through an HTTP
proxy. The UTM can break up the SSL connection between the HTTPS server and the HTTP
client, scan the HTTPS traffic, and then rebuild the SSL connection. The following figure
shows the HTTPS scanning traffic flow.
Figure 118.
The HTTPS scanning process functions with the following principles:
• The UTM breaks up an SSL connection between an HTTPS server and an HTTP client in
two parts:
- A connection between the HTTPS client and the UTM
- A connection between the UTM and the HTTPS server
• The UTM simulates the HTTPS server communication to the HTTPS client, including the
SSL negotiation, certificate exchange, and certificate authentication. In effect, the UTM
functions as the HTTPS server for the HTTPS client.
• The UTM simulates the HTTPS client communication to the HTTPS server, including the
SSL negotiation, certificate exchange, and certificate authentication. In effect, the UTM
functions as the HTTPS client for the HTTPS server.
During SSL authentication, the HTTPS client authenticates three items:
• Is the certificate trusted?
• Has the certificate expired?
• Does the name on the certificate match that of the website?
If one of these items is not authenticated, a security alert message displays in the browser
window:
To Next Page
Loading...
Need help?
General