Configuring the Symantec Web Gateway proxy for SSL Deep Inspection
The Symantec Web Gateway has a Proxy Mode that you can enable to inspect the contents of SSL-encrypted network traffic. The Symantec Web Gateway can check SSL-encrypted network traffic for URL content filtering, blacklisted-domain matching, and malware. The Symantec Web Gateway can also route SSL-encrypted network traffic to Symantec Data Loss Prevention for inspection.
SSL Deep Inspection for computers in your network is not automatically enabled after you configure the proxy. To use SSL Deep Inspection, you must create one or more policies that employ SSL Deep Inspection.
SSL Deep Inspection does not support custom blacklists.
In the Web GUI, click Administration > Configuration > Proxy.
Under SSL Deep Inspection Settings, check Enable SSL Deep Inspection.
For SSL Port, type a port.
The Symantec Web Gateway proxy listens for SSL traffic at the port that you specify. If you have enabled the HTTP/S proxy, the SSL port must be different than the HTTP/S ports and cannot be 8080-8083. The default port is 8443.
Type a number for Maximum SSL Connections.
If the number of SSL connections that Symantec Web Gateway monitors exceeds this number, new connections are blocked until existing connections are closed.
The default is 10240 connections.
Select a certificate type beside SSL Certificate.
Use Default Certificate
Use the default certificate that is included in Symantec Web Gateway.
Use Imported Certificate
Use your own certificate. You must specify the certificate and key. The certificate and key must be in DER format or PEM format containing US-ASCII or UTF characters only.
The way that you import SSL certificates in Internet Explorer 9 differs from Internet Explorer 8/7.
For Internet Explorer 9, select the option to Place all certificates in the following store to import the certificate into Trusted Root Certification Authorities.
For Internet Explorer 8/7, select the option Automatically select the certificate store based on the type of certificate to import the certificate to the intermediate Certification Authorities.
For more information, see your Internet Explorer documentation.
Click Export SSL Certificate and save the default certificate.
You must import this certificate into user Web browsers if you choose the option Use Default Certificate.