Many popular websites (such as google.com or facebook.com) can now be accessed over an encrypted HTTPS/SSL connection. You wish to know how this will affect the application of SWG Content Filtering policies on these sites.
The behaviour of the Web Gateway with regard to HTTPS (aka SSL/TLS) traffic depends on the mode being used. This is because an HTTPS session is a point-to-point connection between the user's browser and the remote site.
This kind of traffic cannot be intercepted by an inline SWG. It can, however, be blocked by an SWG in proxy mode, but a blocking page will only be displayed if the SWG is able to intercept and redirect the session using the SSL decryption proxy function.
The following table describes the behaviour of the SWG with regard to HTTPS/SSL traffic in a variety of situations:
| SWG Mode | Blocked? | Blocking Page? |
|---|---|---|
| Inline | N | N |
| Proxy | Y | N |
| SSL Proxy | Y | Y |
N.B. A blocking page is only displayed for SSL traffic when the SSL Decryption Proxy option (port 8443) of the SWG is in use and properly configured.
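Why the Proxy row reads "blocked, no page", as an added illustration that is not the SWG's own code: for an HTTPS site, an explicit proxy receives only a cleartext `CONNECT host:port` request, so it can refuse the tunnel by hostname, but browsers show their own error instead of the body of a refused CONNECT. The function names, the blocklist and the sample requests are constructed for this example.

```python
# Added illustration (not SWG code): the decision an explicit proxy can make
# from the only cleartext it sees for an HTTPS site, the CONNECT request.

BLOCKED_DOMAINS = {"facebook.com"}  # constructed sample policy


def parse_connect(request: bytes):
    """Return (host, port) from a CONNECT request, or None if not CONNECT."""
    line = request.split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = line.split()
    if len(parts) != 3 or parts[0].upper() != "CONNECT":
        return None
    host, sep, port = parts[1].rpartition(":")
    if not sep or not port.isdigit():
        return None
    # Normalise: drop IPv6 brackets, lowercase, drop a trailing root dot.
    return host.strip("[]").lower().rstrip("."), int(port)


def is_blocked(host: str, blocked=BLOCKED_DOMAINS) -> bool:
    """Match the host itself or any subdomain of a blocked domain."""
    return any(host == d or host.endswith("." + d) for d in blocked)


def handle_connect(request: bytes) -> bytes:
    """Proxy-mode decision: refuse or open the tunnel.

    The URL path, headers and page content travel inside TLS and are never
    visible here. A refusal is enforced, but the browser does not render
    the body of a non-2xx CONNECT reply, so no blocking page is shown
    unless the session is decrypted.
    """
    target = parse_connect(request)
    if target is None:
        return b"HTTP/1.1 400 Bad Request\r\n\r\n"
    host, _port = target
    if is_blocked(host):
        return b"HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n"
    return b"HTTP/1.1 200 Connection established\r\n\r\n"


if __name__ == "__main__":
    # Constructed sample requests, as a browser would send them to the proxy.
    for name in (b"www.facebook.com", b"www.google.com"):
        req = b"CONNECT " + name + b":443 HTTP/1.1\r\n\r\n"
        print(name.decode(), "->", handle_connect(req).split(b"\r\n")[0].decode())
```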