Forcing users to use Google search via HTTP (instead of using SSL) without SSL-Interception

Article ID: 165751

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

Your organization has a requirement to log all traffic, including searches to Google. By default Google redirects users to an SSL-encrypted page, so the proxy can't see the actual search query and results.

Resolution

According to Google, you can use a different host, nosslsearch.google.com, which will NOT redirect to HTTPS. Google mentions that you need to create a DNS CNAME on the DNS server(s) configured on the ProxySG.

There is an easier way. You can forward traffic that was originally destined to www.google.com to their nosslsearch server. This is achieved by following these steps:

1. Create a forwarding host as follows (Configuration -> Forwarding -> Forwarding Hosts -> New):

User-added image

2. Open VPM, create a Forwarding layer with a rule like this:

User-added image

The elements break out like this:

User-added image

User-added image

3. Install policy and browse to www.google.com. You'll notice that you are now using an HTTP connection instead of HTTPS (you can tell by the fact that there is a globe instead of a lock icon in front of the URL):

User-added image

As you can also see, this even works with country redirects.

Keep in mind that this only works for Google web searches (which Google automatically redirects to HTTPS) - image, video and other searches do not use SSL by default. Google Plus and Google Mail (googlemail, Gmail) will need full SSL-Interception, as will Google Drive and other services that use SSL by default.

IMAGE SEARCH:

You can force Google image search to use HTTPS by manually browsing to https://images.google.com/.

If you want to redirect this search as well, you can add another rule (as described in step 2), but instead of using "www.google." as the host field entry, use "images.google." - make sure you select "At beginning" for the host field.
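
A quick check after installing the policy, as an added example (not part of the original article or any vendor tooling): it scans proxy access-log lines for hosts covered by the two rules and separates searches whose query was logged from requests still tunnelled over 443. The log lines and their field order are constructed for illustration; adapt the parsing to your own access-log format.

```python
from urllib.parse import parse_qs

# Constructed sample lines (not real traffic). Assumed field order:
# method scheme host port path query   ("-" means empty)
SAMPLE_LOG = """\
GET http www.google.com 80 /search ?q=quarterly+report&hl=en
GET http www.google.de 80 /search ?q=wetter%20berlin
CONNECT tcp www.google.com 443 / -
CONNECT tcp images.google.com 443 / -
GET http images.google.com 80 /search ?q=network+diagram&tbm=isch
GET http www.example.org 80 /search ?q=ignored
CONNECT tcp mail.google.com 443 / -
"""

# Host prefixes matched "At beginning" by the forwarding rules in the article.
RULE_PREFIXES = ("www.google.", "images.google.")


def audit(log_text, prefixes=RULE_PREFIXES):
    """Return (visible_queries, opaque_hosts) for hosts covered by the rules."""
    visible, opaque = [], set()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed or truncated lines
        method, scheme, host, port, path, query = fields
        host = host.lower()
        if not host.startswith(prefixes):
            continue  # the rules do not apply to this host
        if method == "CONNECT" or port == "443":
            # Tunnelled request: the proxy logged the host but no query.
            opaque.add(host)
            continue
        terms = parse_qs(query.lstrip("?")).get("q")
        if scheme == "http" and terms:
            visible.append((host, terms[0]))
    return visible, sorted(opaque)


if __name__ == "__main__":
    queries, still_tunnelled = audit(SAMPLE_LOG)
    for host, q in queries:
        print(f"logged   {host}: {q}")
    for host in still_tunnelled:
        print(f"opaque   {host}: still tunnelled over 443, query not logged")
```

Hosts reported as opaque after the policy is installed are still reaching Google over SSL, so their search queries are not in the log.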