HTTPS

Configure > Protocols > HTTPS

This page is displayed only when HTTPS is enabled on Configure > My Proxy > Basic > General.

HTTPS Proxy Server Port

Specifies the port that Content Gateway uses when acting as a Web proxy server for HTTPS traffic. The default value is 8080.

See also Configure > Protocols > HTTP > General: HTTPS Ports.

Tunnel Unknown Protocols

Enables or disables tunneling of HTTPS requests when the SSL handshake results in an unknown protocol error.

Tunneled connections are not decrypted or inspected.

When Content Gateway is an explicit proxy, a URL lookup is performed and policy is applied before the SSL connection request is made with the server. Therefore, tunneled transactions appear in the Forcepoint Web Security transaction log.

When Content Gateway is a transparent proxy and the client sends an SNI, a URL lookup is done on the hostname in the SNI. Without an SNI, no URL lookup is possible and tunneled transactions are not logged, because an initial connection with the server is required to get the Common Name from the SSL certificate, which is then used for the URL lookup. If the connection handshake fails and this option is enabled, the connection is tunneled without the proxy being aware of it.

Important: This setting persists after the HTTPS feature is disabled (on Configure > My Proxy > Basic > General). Therefore, disable this option before disabling HTTPS support.