Enable SSL Decryption
SSL decryption allows the intelligent proxy to do more than just inspect URLs. It also proxies and inspects traffic sent over HTTPS.
Some solutions, such as deep packet inspection solutions on the gateway of a network, inspect all traffic at a granular level. SSL decryption does not function in the same way. Instead, it serves as the intelligent proxy for SSL websites. Umbrella inspects the requested URL and domain name it considers suspicious and blocks all HTTPS URLs considered malicious. Umbrella does not look at anything other than the URL, potentially malicious files (and checksums), and the domain name itself.
If file inspection is enabled, the intelligent proxy also inspects attempted file downloads from risky sites using anti-virus (AV) engines and Cisco Advanced Malware Protection (AMP). This provides comprehensive protection against malicious files. Enabling SSL decryption along with file inspection protects against sites using valid HTTPS but serving malicious files along with innocuous ones.
Root Certificate Requirement
Although only SSL sites on Umbrella’s 'grey' list are proxied, the root certificate must be installed on computers using SSL decryption for the intelligent proxy in their policy. Sites on the 'grey' list can include popular sites, such as file sharing services that can potentially host malware on specific URLs while the rest of the site is harmless.
Without the root certificate, when users go to that service, a browser errors is raised and the site is not accessible. The browser correctly believes that the traffic is being intercepted and proxied by a 'man in the middle' attack, which in this case is Umbrella. Traffic is not decrypted and inspected; instead, the entire website is unavailable.
With the root certificate installed, errors are not raised and the site is accessible when it's proxied and allowed. For more information on installing the root certificate, see Install the Cisco Umbrella Root Certificate.
Prerequisites
- Full Admin access to the Umbrella dashboard. See Manage User Roles.
- The Cisco Umbrella root certificate is installed. See Install the Cisco Umbrella Root Certificate.
- The intelligent proxy is enabled. See Enable the Intelligent Proxy.
Procedure
- Navigate to Policies > Management > DNS Policies and click Add or expand an existing policy.
- Expand Advanced Settings and check SSL Decryption.
- Click Save or Next.
Review the Intelligent Proxy Through Reports < Enable SSL Decryption > Test SSL Decryption
Updated 5 months ago