About Scanning Encrypted Traffic

By default the Symantec Web Security Service does not intercept inbound HTTPS traffic from destination web locations and applications. With the default configuration, the WSS applies content filtering policy to the furthest extent possible; however, it cannot apply policies to transactions that require deeper inspection, such as web application controls or malware scanning. Enabling SSL interception allows the WSS to decrypt HTTPS connections, examine the contents, and perform policy checks.

To retain the security of personal private information, Symantec recommends excluding some content filtering categories from termination and inspection. By default, the WSS does not intercept HTTPS traffic categorized as Brokerage/Trading, Financial Services, and Health, because this content usually involves private, sensitive personal account information. Additionally, for mobile devices, the WSS does not intercept traffic from a list of specific applications as these applications are known to break when intercepted on mobile devices.

To view which applications the WSS bypasses, see: KB Article

Tip: If your policy allows uploading and downloading attachments in Gmail, you must enable SSL Interception. See Define a User-Based Web Applications Policy.

Tip: All Intermediate CAs used for certificate emulate are signed with SHA-2 (SHA256).

Next Step

Alternate Media