I have just implemented an Ironport WSA at a customer site. It works as expected except for one thing: dropbox clients say that they "cannot establish a secure connection" and wont connect/sync.
The clients are behind a Cisco ASA which WCCP redirects outbound web-traffic (both http and https) to the WSA on inside. The WSA does https decryption and all client trusts the root cert that the WSA uses.
Browsing to https sites in general works fine, and browsing to www.dropbox.com also works without any problem.
The clients trusts the WSA but that doesn't mean that Dropbox trusts the WSA. It would depend on what trust store the dropbox application uses whether the application trusts the certificate or not. Similar to Firefox having it's own trust store that is independant of the operating systems that I.E. uses. I don't have an answer at this time as I haven't investigated the problem but this might give you some place to look.
You will need to register to the website in order to look up the IP address. Once you have registered and logged in, paste the IP address from the access logs in Step 1 into the search field labeled SEARCH WHOISRWS. This will bring up the CIDR(subnet) which belongs to dropbox. Currently the defined CIDR is 184.108.40.206/22.
3. Create a custom URL category and add the IP subnet, dropbox.com, .dropbox.com to the custom url category. Log into your WSA (GUI)
Go to Web Security Manager -> Custom URL Categories
Click Add Custom Category and under Sites mention CIDR for Dropbox, dropbox.com, .dropbox.com
Submit and Commit the changes
4. Associate the Custom URL category thus created with a new or an existing Identity that has authentication turned off.
5. Associate the above Identity in step 4 with a new or existing Access policy and set the custom URL category for Drop box to "Allow".
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...