Enable SSL interception in Cloud SWG (formerly known as WSS)
search cancel

Enable SSL interception in Cloud SWG (formerly known as WSS)

book

Article ID: 165563

calendar_today

Updated On:

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

  • How do I enable SSL interception for the Symantec Cloud SWG?
  • How do I bypass certain sites or categories from SSL interception for the Cloud SWG?
  • After enabling SSL Interception, the service apparently does not intercept some sites.

Resolution

Enable SSL interception

To enable SSL interception:

  1. Log in to your Cloud SWG account (portal.threatpulse.com).
  2. In Service Mode, select Network > SSL.
  3. Select On.
  4. Click Activate.

After you enable SSL interception, your end users might begin receiving SSL warnings in the browser because the CA which signs the intercepted traffic is not automatically trusted by the browsers.

You must manually download the Web Security Service SSL Root Certificate and install it into the browser Trusted Root Certification Authorities. This can normally be pushed out to your browsers through your internal organizations group-policy.

See Install the SSL root certificate below.

Install the SSL root certificate in Internet Explorer and Chrome.

To install the SSL Root Certificate manually

  1. In the Cloud SWG portal, navigate to Service -> Network -> SSL Interception.
  2. Under the SSL Root Certificate section, click Download.
  3. In the Start menu, search for and open Internet Options.


     
  4. In the Internet Options window, click on the Content tab, then click Certificates.


     
  5. Click on Import.


     
  6. Click Next on the Import Wizard.
  7. Click Browse and find the CertEmulationCA.crt file that you downloaded earlier. Then click Next.
  8. Click Browse and select Trusted Root Certification Authorities from the list.

  9. Click Next and then Finish.
  10. Click Yes on the security warning that pops up.

By default, the following categories are not intercepted, as they might contain private/personal information:

  • Brokerage/Trading
  • Financial Services
  • Health

To edit these categories, select Pass Through Categories and tick the categories to bypass SSL interception (or clear any categories).

You can also bypass specific domains or IP addresses. Click Pass Through Destinations.

Additional information

See About Scanning Encrypted Traffic.

See Create SSL Policy.