Views:

Define rules to decrypt HTTPS traffic from selected URL categories to apply configured secure access rules in the same way as HTTP traffic.

Action
Description
Add an HTTPS inspection rule
For more information, see Adding an HTTPS inspection rule.
Check an HTTPS inspection rule
  • View the basic information about an HTTPS inspection rule.
    Note
    Note
    Trend Vision One automatically creates a default rule to decrypt all HTTPS traffic initiated from any location. When enabled, the default rule applies whenever no other HTTPS inspection rules are matched. The default rule always has the lowest priority and cannot be deleted.
Configure an HTTPS inspection rule
  • To change the basic information about an HTTPS inspection rule, click edit_icon=GUID-1F1D1164-5310-4D6D-ACD0-6049C86960AF.png in the Action column.
  • To duplicate an HTTPS inspection rule, click duplicate=e79af1b6-17af-40ad-b942-53ffb9e796d2.jpg in the Action column. This provides a convenient way of adding a new inspection rule with settings similar to an existing rule.
  • To delete an HTTPS inspection rule from Trend Vision One, click trash_icon=GUID-47cf6867-6315-438e-8670-86ff36f22a28.png in the Action column .
    To delete more than one HTTPS inspection rule, select the rules and click Delete in the upper left.
Configure a default CA certificate for the Internet Access Cloud or On-Premises Gateway to decrypt HTTPS traffic
  1. Click the Settings gear icon in the upper right.
  2. Determine and configure the default CA certificate that automatically applies to HTTPS inspection rules.
    • Built-in CA certificate provided by Internet Access: Download the certificate from the console and deploy it to the browsers of your users.
      Note
      Note
      • The built-in CA certificate is not signed by a trusted CA on the internet. To avoid certificate warnings on browsers when users access HTTPS websites, make sure that you deploy the built-in CA certificate to the supported browsers.
      • Internet Access provides different built-in certificates for the cloud gateway and on-premises gateways.
    • Your own CA certificate: Cross-sign your organization's CA certificate and upload the cross-signed certificate to the console.
    To reset the default certificate, click Reset to Built-in Certificate.
  3. Click Save.
You can choose to use another CA certificate when configuring an HTTPS inspection rule.
Pass HTTPS requests to web servers when decryption fails
Select whether to allow your users to access HTTPS content when the Internet Access Gateway fails to decrypt HTTPS traffic for some reason.
  1. Click the Settings gear icon in the upper right.
  2. On the Bypass Mode tab, click the toggle under Pass HTTPS requests to web servers when decryption fails to enable this feature.
  3. Click Save.
Related information