Does the ISA Web Prevent plugin support HTTPS ?

book

Article ID: 159971

calendar_today

Updated On:

Products

Data Loss Prevention Network Prevent for Web

Issue/Introduction

If one wants to detect on HTTPS traffic from a web application such as OWA by using the ISA plug-in, how can this be accomplished ?
The  documentation (ISA Integration Guide) states that HTTPS is not supported, whereas almost all OWA installations use HTTPS.

Resolution

Symantec DLP does work in both bridge and tunnel mode.
We don’t support HTTPS in a explicit forward proxy configuration because ISA can’t play man-in-the middle for SSL in that specific configuration.
However, if the bridging configuration works for reverse proxy such as OWA via SSL, then this should be transparent to us and we will be able to inspect HTTPS traffic because Prevent would inspect the unencrypted traffic. At that time any issues would be considered an ISA configuration issue that may need to be reviewed by the ISA administrator.

Microsoft's own documentation states that in addition to "tunnel mode" the ISA server can be operated in "bridge mode," in which case it operates much as a supported ICAP proxy does, with two separate encrypted streams from browser to proxy and from proxy to website.

Microsoft references regarding the different ISA operating modes:
http://technet.microsoft.com/en-us/library/cc723324.aspx
http://technet.microsoft.com/en-us/library/cc722817.aspx