ProSecure Unified Threat Management UTM10 or UTM25 Reference Manual

Table 6-10. HTTPS Settings

| Setting | Description (or Subfield and Description) |
|---|---|
| HTTP Tunneling | Select this checkbox to allow scanning of HTTPS connections through an HTTP proxy, which is disabled by default. Traffic from trusted hosts is not scanned (see “Specifying Trusted Hosts” on page 6-37). Note: For HTTPS scanning to occur properly, you must add the HTTP proxy server port in the Ports to Scan field for the HTTPS service on the Services screen (see “Customizing Web Protocol Scan Settings and Services” on page 6-19). |
| HTTPS 3rd Party Website Certificate Handling | Select the Allow the UTM to present the website to the client checkbox to allow a Secure Sockets Layer (SSL) connection with a valid certificate that is not signed by a trusted certificate authority (CA). The default setting is to block such a connection. |
| Show This Message When an SSL Connection Attempt Fails | By default, a rejected SSL connection is replaced with the following text, which you can customize: “The SSL connection to %URL% cannot be established because of %REASON%.” Note: Make sure that you keep the %URL% and %REASON% meta words in a message to enable the UTM to insert the proper URL information and the reason for the rejection. |

4. Click Apply to save your settings.

Note: For information about certificates that are used for SSL connections and HTTPS traffic, see “Managing Digital Certificates” on page 9-17.

Specifying Trusted Hosts

You can specify trusted hosts for which the UTM bypasses HTTPS traffic scanning and security certificate authentication. The security certificate is sent directly to the client for authentication, which means that the user does not receive a security alert for trusted hosts. For more information about security alerts, see “Managing Self Certificates” on page 9-20.

Note that certain sites contain elements from different HTTPS hosts. As an example, assume that the https://example.com site contains HTTPS elements from the following three hosts:

trustedhostserver1.example.com

trustedhostserver2.example.com

imageserver.example.com
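
To see which HTTPS hosts a page draws its elements from, as in the example.com case above, the following added Python example (not from the manual) parses a saved copy of a page and lists each distinct HTTPS host its elements reference, for review before trusted host entries are decided. The function and class names, the sample HTML, and the hosts plain.example.com and elsewhere.example.net are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes that make a browser fetch an element (or submit a form).
URL_ATTRS = {"src", "href", "action", "poster", "data"}
# <a href> is navigation, not an element loaded with the page itself.
SKIP_TAGS = {"a"}


class HostCollector(HTMLParser):
    """Collects the HTTPS hosts referenced by a page's elements."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.hosts = {}  # host name -> set of tag names that reference it

    def handle_starttag(self, tag, attrs):
        if tag in SKIP_TAGS:
            return
        for name, value in attrs:
            if name not in URL_ATTRS or not value:
                continue
            # Resolve relative and protocol-relative URLs against the page.
            parts = urlsplit(urljoin(self.page_url, value.strip()))
            if parts.scheme == "https" and parts.hostname:
                self.hosts.setdefault(parts.hostname.lower(), set()).add(tag)


def https_element_hosts(page_url, html):
    """Return {host: [tags]} for every HTTPS host the page's elements use."""
    collector = HostCollector(page_url)
    collector.feed(html)
    collector.close()
    return {h: sorted(t) for h, t in sorted(collector.hosts.items())}


# Constructed sample page modelled on the example.com case in the text.
SAMPLE_URL = "https://example.com/"
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="https://trustedhostserver1.example.com/site.css">
<script src="//trustedhostserver2.example.com/app.js"></script>
</head><body>
<img src="https://imageserver.example.com/logo.png">
<img src="/local/banner.png">
<img src="http://plain.example.com/x.png">
<a href="https://elsewhere.example.net/">link</a>
</body></html>
"""

if __name__ == "__main__":
    for host, tags in https_element_hosts(SAMPLE_URL, SAMPLE_HTML).items():
        print(f"{host:40} {', '.join(tags)}")
```

Elements that scripts load at run time do not appear in static HTML, so compare the result with the hosts seen in the browser's network view for the same page.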

Content Filtering and Optimizing Scans

6-37

v1.0, September 2009

NETGEAR UTM25-100NAS, UTM10EW-100NAS, UTM25EW-100NAS manual Specifying Trusted Hosts, Https Settings