How to implement the Office365 SSL interception and Authentication exemption in UPE.

Article ID: 220990

Products

Web Security Service - WSS

Issue/Introduction

When WSS policies are managed from the portal, there is a predefined policy option to bypass Authentication and SSL interception for Office 365 traffic. This option is not available when the policy is managed from the Management Center (UPE). The exact same policy can be manually installed on the Management Center VPM.

Resolution

Install the following CPL policy onto a CPL Layer (new or existing). Make sure the CPL Layer is placed after the default SSL Intercept Layer.

(The conditions referenced in the following rules are defined in the WSS backend policy template.)

#if enforcement=wss
<ssl-intercept>
condition=O365_IPs_and_Domains condition=!BC_Elastica_Domain_Match ssl.forward_proxy(no)
<Proxy>
condition=O365_IPs_and_Domains condition=!BC_Elastica_Domain_List_Match authenticate(no)
#endif