How to Set Up The HTTPS Proxy

Applies to platform: UTM 3.0, UTM 5.0
Last updated: 27th April 2017

This article describes the steps needed to configure the proxy server to scan SSL-encrypted traffic (i.e., traffic on port 443).

Configuration Example

When enabled, Squid will intercept all clients’ requests and forward them to the remote server, as in the case of the HTTP proxy. The only difference is that HTTPS requests need an ‘intermediate’ certificate so that the client can connect via HTTPS to the Endian UTM Appliance, which can then deliver the request, retrieve the remote resource, check it, and send it to the client that requested it.

Enable HTTP Proxy

In the Dashboard, go to Proxy > HTTP and click on the Enable HTTP Proxy switch (it will turn green after it has been enabled). Then set the operational mode to transparent for each zone that should be filtered and Save the configuration.

Apply the changes to proceed. 

Choosing the certificate

There are two options for the certificate:

  1. Create a new certificate from scratch. Go to Proxy > HTTP > HTTPS Proxy and click on the Create a new certificate button. A confirmation dialog box appears. Click on OK to proceed.
  2. Upload a certificate. Click on Choose file, browse to the certificate on the local hard disk, then click on Upload to copy the certificate to the Endian UTM Appliance.

After the certificate has been uploaded or created, a new option in the form of a hyperlink will appear next to Upload proxy certificate. Click the Download hyperlink to get the certificate, which will be needed by the clients.

Enable HTTPS Proxy

Go to Proxy > HTTP > HTTPS Proxy and tick the Enable HTTPS proxy checkbox to activate the service. The following options appear:

1. Tick the Accept every certificate checkbox. This option allows the Endian UTM Appliance to automatically accept all certificates from the remote server, even those that are invalid or outdated.

2. The Forward HTTPS connections directly to the Upstream proxy option should not be ticked unless you want the HTTPS traffic to be managed directly by the upstream proxy. When unticked, the traffic is managed by the Endian UTM Appliance.

3. In the Bypass HTTPS proxy for destinations text field, enter the IP addresses or domain names of the remote websites that should be skipped by the HTTPS proxy, one per line (the field can also be left blank).

To activate the HTTPS proxy, click on Save and wait a few seconds.

Verify the connection

To verify that the HTTPS Proxy is working, first import the downloaded proxy certificate into your browser. Then, whenever you try to access a domain or an IP that does not appear in the Bypass HTTPS proxy for destinations whitelist, the Not secure warning will appear.
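
One way to script this check from a client in a filtered zone, as an added example that is not part of the original article or Endian's own tooling: a site counts as intercepted when its certificate chain verifies against the downloaded proxy certificate alone. It assumes the download is a PEM-encoded signing certificate and that a bypass entry matches only the exact host name or IP; the script name, bypass entries and host names are constructed.

```python
import socket
import ssl
import sys

# Constructed sample of the "Bypass HTTPS proxy for destinations" field.
BYPASS_SAMPLE = "bank.example\n192.0.2.10\n"

def parse_bypass(text):
    """One IP address or domain name per line; blank lines are ignored."""
    return {line.strip().lower() for line in text.splitlines() if line.strip()}

def issued_by_proxy(host, proxy_ca_file, port=443, timeout=5.0):
    """True if the chain presented for host verifies against the proxy
    certificate alone, i.e. the appliance re-signed the connection."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)    # chain + hostname checks on
    ctx.load_verify_locations(cafile=proxy_ca_file)  # the only trust anchor
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return True
    except ssl.SSLCertVerificationError:
        return False  # signed by some other CA: traffic was not intercepted

def audit(hosts, bypass_text, probe):
    """Return (host, expected, observed, ok) for each host.
    Assumption: a bypass entry matches only the exact host name or IP."""
    bypass = parse_bypass(bypass_text)
    rows = []
    for host in hosts:
        expected = host.lower() not in bypass  # not bypassed => intercepted
        observed = probe(host)
        rows.append((host, expected, observed, expected == observed))
    return rows

if __name__ == "__main__":
    if len(sys.argv) < 3:
        sys.exit("usage: check_proxy.py PROXY_CERT.pem HOST [HOST ...]")
    ca_file, hosts = sys.argv[1], sys.argv[2:]
    for host, expected, observed, ok in audit(
            hosts, BYPASS_SAMPLE, lambda h: issued_by_proxy(h, ca_file)):
        print(f"{host}: expected intercepted={expected}, "
              f"observed={observed} -> {'OK' if ok else 'MISMATCH'}")
```

A MISMATCH on a bypassed destination means its traffic is still being decrypted by the appliance; a MISMATCH on any other destination means that traffic is passing uninspected.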
