I'd like to look at implementing it but I'm wary of all the potential caveats i.e. applications that don't play nice, and machines that are non-windows or non-domain so wouldn't get a trusted CA via Group Policy.
I've read the guides so know how to do it and what the suggested categories are to exclude, but I'd be grateful for any real-world feedback from those of you who have done this.
Also if you have custom URL categories and have a site in one of those, which takes preference in the SSL decryption rules i.e. if www.domain.com is in both "auctions" and "corp whitelist" and a decryption policy is defined to exclude "auctions" what happens?
The categories decrypted would depend on your local preference. As far as the example with the www.domain.com, it would depend on the orfer of the rule. Rules are looked at from top to bottom.
Thanks, but that isn't really what I was getting at. I wondered from other peoples experimentation if there were any "definitely don't try and decrypt XYZ" scenarios. For example I read about Microsoft Update not working.
Cases where SSL decrypt may cause issues:
The example in "Dual ISP Branch Office Configuration" does not work well together with SSl decrypt.
Applications outside the web browser may not read trusted CA's the same way as your web browser.
Bloomberg is one example.
BlackBerry /BES server may also require additional configuration steps.
If you use the web categories from Brightcloud in your SSL Decrypt rules and your users go to a lot of non-US web sites,
expect to get to know BrightClods "Suggest a new category".
Regards Paul M.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!