Configuring Network Composer and workstations for Full SSL Filtering and Inspection


January 20, 2011 Author: Audience: SWAT Team Evaluator Product: Cymphonix Network Composer EX Series, XLi OS version 9

Network Composer utilizes HTTPS/SSL Filtering to allow you to view and restrict Web traffic for secure web sites and also prohibit users from viewing unauthorized content within an SSL tunnel. Implementing the full SSL mode consists of two processes. First, you configure Network Composer, which consists of creating and saving the Network Composer SSL Certificate and then configuring Network Composer to inspect SSL traffic through Internet Usage Rules. Second, you deploy the newly created SSL certificate to the workstation(s). After completing the configuration of your Network Composer and workstation(s), you test SSL filtering by category and reporting of SSL traffic.

Configuring Network Composer for SSL inspection

Creating and saving the Network Composer's SSL Certificate

To save the SSL certificate within Network Composer:

1. Log in to Network Composer.
2. Click the Admin tab.
3. Select Configuration > SSL Certificate Settings.
4. Enter your company information in the text boxes on the page. Click Apply.

   A message dialog appears. Click OK.

Configure Network Composer to inspect SSL traffic through the Internet Usage Rule

1. Navigate to Manage > Policies & Rules > Internet Usage Rules > Test Group 1.

   Note: If you're performing this test case from a network node or with a directory user that is not a member of Test Group 1, make sure you edit the Internet Usage Rule that is associated to your current group membership in Policy Manager.

   a) Change the Traffic Flow Rule Set to App + Web Filter + Anonymous Proxy Guard + SSL Filter. Go to the HTTPS/SSL Filtering tab, choose the radio button next to Enable full SSL content filtering, and then click Save.

Configuring Workstation(s) - Download and Deploy SSL Certificate to workstation(s)

You will install the certificate, cacert.cer, manually on the workstation(s) for these test cases. When you deploy the SSL Certificate within your corporate network, you will use a GPO to automate the process and eliminate a manual installation on every workstation.

1. Go to Admin > Downloads > SSL Authority Certificate.
2. Click Download SSL Signing-Authority Certificate.
   a. Click the download link.
   b. Click Save.
   c. The Save As dialog appears. Browse to a directory folder, and save the cacert.cer file.
   d. From the Download complete dialog, click Close.
   e. Close the File Download page.
3. Close the Network Composer page.
4. You are now going to install this certificate file on the workstation so that users can browse SSL sites successfully and Network Composer can decrypt and re-encrypt any SSL sessions for inspection. The end result is that the certificate file is imported into a Trusted Root Authority store location.
   a) From the directory where you saved the SSL certificate cacert.cer file, double-click the certificate.

      The Open File Security Warning dialog appears. Click Open.
   b) From the Certificate dialog, click Install Certificate.

   c) From the Certificate Import Wizard, click Next. This wizard walks you through each step of importing your cacert.cer file, so that you can create a Group Policy Object to apply throughout your network.
   d) Create a Certificate Store. The Network Composer Trusted Authority Certificate will be stored in the store location you select. Windows lets you select the certificate store location you want from a list. Select Place all certificates in the following store. Click Browse.

      The following dialog appears. Select Trusted Root Certification Authorities. Click OK.
   e) Confirm that the Certificate Store you selected from the Select Certificate Store dialog displays correctly in the text box. Click Next.

   f) Confirm the Certificate Store settings you selected in the text box. Click Finish. The cacert.cer file imports into the Certificate Store.

You have now completed the Network Composer SSL Certification installation.

Testing Network Composer's ability to inspect, filter, and report on SSL traffic

Verify a successful connection to the SSL site

In your browser's address bar, enter the URL https://login.yahoo.com. This website is the same as mail.yahoo.com and is associated to the Webmail category.

Verify Network Composer is inspecting SSL traffic through Network Composer reports

1. Log in to Network Composer.
2. Click the Report tab.
3. Select Web Usage > Overview/Hits. Then change the Encryption Type located in the top options pane from No Filter to SSL.

4. Right-click Allowed, highlight Report Correlations, and then select Correlate by Host.
5. You will see yahoo.com listed as a host, meaning that SSL content was analyzed and reported on.
6. You can additionally right-click yahoo.com and select View URL Details to see all SSL content from the web site.

   Note: You must have View URL Details turned on in your advanced settings for this option to be available. Navigate to Admin > Configuration > Advanced Settings to verify the URL details setting.

Configure Network Composer to filter SSL content by category

1. Log in to Network Composer.
2. Click the Manage tab.
3. Go to Manage > Policies & Rules > Internet Usage Rules > Test Group 1.

   Note: If you're performing this test case from a network node or with a directory user that is not a member of Test Group 1, make sure you edit the Internet Usage Rule that is associated to your current group membership in Policy Manager.

Within the Blocked Categories tab, click Edit Blocked Categories.

Choose Webmail from the Allowed Categories list and Add to the Blocked Categories, and then click OK. Click Save at the bottom of your Add/Edit Internet Usage Rule Set page.

Verify Network Composer is Filtering SSL Traffic by category

In your browser's address bar, enter the URL https://login.yahoo.com. This website is the same as mail.yahoo.com and is associated to the Webmail category. You should receive a blocked page that lists a Blocked Reason of Category: Webmail.
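
The workstation step above imports cacert.cer into Trusted Root Certification Authorities through the wizard; the following is an added example, not part of the original guide or the vendor's tooling, of a scripted equivalent that checks the file before trusting it. Assumptions: the expected SHA-256 fingerprint is a placeholder you obtain from the appliance administrator out of band, the machine-wide store is the target (as a GPO deployment would use), and the script runs in an elevated PowerShell session.

```powershell
# Added example: verify-then-import for the Network Composer signing certificate.
# $CertPath and $ExpectedSha256 are assumptions; replace the placeholder with the
# fingerprint obtained out of band, never with one computed from the download.
param(
    [string]$CertPath       = '.\cacert.cer',
    [string]$ExpectedSha256 = '<SHA256-FINGERPRINT-PLACEHOLDER>'
)
$ErrorActionPreference = 'Stop'

$fullPath = (Resolve-Path $CertPath).Path
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($fullPath)

# 1. Fingerprint check: a root CA is trusted for every site, so confirm the
#    file is the appliance's certificate and not a substitute.
$sha256 = [System.Security.Cryptography.SHA256]::Create()
$actual = -join ($sha256.ComputeHash($cert.RawData) | ForEach-Object { $_.ToString('X2') })
$expected = ($ExpectedSha256 -replace '[:\s]', '').ToUpper()
if ($actual -ne $expected) {
    throw "Fingerprint mismatch for $fullPath (got $actual). Not importing."
}

# 2. Sanity checks: validity window and CA flag in Basic Constraints.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}
$bc = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
}
if (-not $bc -or -not $bc.CertificateAuthority) {
    Write-Warning 'Certificate does not assert CA=true in Basic Constraints.'
}

# 3. Import into the machine-wide Trusted Root store (requires elevation).
Import-Certificate -FilePath $fullPath -CertStoreLocation Cert:\LocalMachine\Root | Out-Null

# 4. Confirm the import and record what was trusted, for later audit or removal.
$storePath = "Cert:\LocalMachine\Root\$($cert.Thumbprint)"
if (-not (Test-Path $storePath)) { throw 'Import did not place the certificate in the store.' }
[pscustomobject]@{
    Subject    = $cert.Subject
    Thumbprint = $cert.Thumbprint
    NotAfter   = $cert.NotAfter
    StorePath  = $storePath   # Remove-Item on this path withdraws the trust
}
```

When a workstation leaves the inspected network, removing the entry at the reported StorePath ends its trust in certificates signed by the appliance.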