You still have to use the https proxy if you're going to use HTTPS, even if you're not going to decrypt. If it doesn't decrypt, it passes through the certs from the site, so your users shouldn't see an issue. (I haven't tested this so I won't guarentee it...)
If I dont to decrypt HTTPS but still want the traffic to be inspected for URL and web reputation, do I need to upload a root certificate still? I would have assume not as I do not want to decrypt HTTPS but the GUI doesn't allow me to enal HTTPS Proxy without uploading a certificate; basically I cannot "Enable HTTPS Proxy" and submit without a cert.
Basically what I just want to do is just pass through the HTTPS traffic to be check against the Access policies that the HTTP is being checked against.
Is this viable? If so can you let me know how I can achieve the above?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...