Table: Differences between SSL Domain Level Inspection and SSL Deep Inspection
SSL Domain Level Inspection
SSL Deep Inspection
Symantec Web Gateway reports the access of and blocks Web sites by domain (for example, https://foo.com) or IP address. But it cannot report or inspect full URLs. Nor can it report or inspect file transfers, malware, or any data in the stream such as the content it forwards to Symantec Web Prevent (Symantec DLP server).
SSL Domain Level Inspection occurs when you do either of the following:
Send HTTPS traffic to the Symantec Web Gateway HTTP/S proxy.
Send HTTPS traffic to the SSL Deep Inspection Proxy and have no policy that intercepts the HTTPS traffic.
The custom blacklist is not supported over HTTPS.
Symantec Web Gateway reports the access of and blocks Web sites by domain, and it can inspect all of the traffic in the traffic stream. This inspection includes full URLs and file inspections. It also includes the content that it forwards to Symantec Web Prevent.
Only the SSL Deep Inspection proxy can intercept HTTPS traffic and decrypt the traffic to read the contents. Symantec Web Gateway disables the ability to intercept HTTPS traffic by default. But you can enable it through the use of policies.
You can enable the HTTP/S proxy and the SSL Deep Inspection proxy at the same time. Based on your configuration, you can route HTTPS traffic from the network to either or both proxies. You can configure each individual computer on the corporate network to send HTTPS traffic to Symantec Web Gateway HTTP/S proxy or to the SSL Deep Inspection proxy. You can configure some computers to send traffic through one proxy while other computers send traffic to the other.
The following is a simple use case scenario:
IT administrator sets up the Symantec Web Gateway proxy to protect Group A and Group B. Group B requires a higher level of security. So the administrator wants to ensure that Symantec Web Gateway decrypts and inspects all of the contents of this traffic. But the administrator does not want to decrypt or inspect Group A's or Group B's financial transactions for privacy purposes and legal purposes. So the administrator creates an SSL policy that intercepts all HTTPS traffic except for the traffic that goes to financial institutions.
The administrator creates corporate policies with a PAC file or other configuration settings to ensure that:
Group A and Group B HTTP traffic goes to the Symantec Web Gateway HTTP/S proxy.
Group A HTTPS traffic goes to the Symantec Web Gateway HTTP/S proxy.
In this scenario, SSL Domain Level Inspection occurs.
Group B HTTPS traffic goes to the SSL Deep Inspection proxy.
Per the policy, SSL Deep Inspection occurs except for the HTTPS traffic to financial institutions.