HTTPS inspection policies enable you to inspect and manage communication between users on your network and web sites which use HTTPS by configuring an inspection method for different user groups, destinations and locations.
Guardian processes HTTPS inspection policies in order of priority as listed on the Guardian > HTTPS inspection > Manage policies page, from top to bottom, until a match is found. You can change the order by dragging and dropping policies in new positions.
Guardian comes with three pre-configured HTTPS inspection policies which handle the following content:
Online banking – when enabled, this policy allows users to do online banking without communications being decrypted and inspected
All encrypted content accessed by unauthenticated IPs – when enabled, this policy decrypts and inspects all encrypted content that users at unauthenticated IPs try to access
Certificate validation – enabled by default, this policy check secure certificates on web sites. Any sites whose certificates are self-signed, out of date or otherwise invalid will be blocked.
Go to Guardian > HTTPS inspection > Manage policies.
Locate the policy you want to enable, click on the Enabled bar to change it to a green tick.
Repeat the step above for any other policies you want to enable and then click Save. Guardian enables the policies.
Note: When, for the first time, you enable a HTTP inspection policy which decrypts and inspects content Guardian informs you that users’ browsers must have the Guardian CA certificate in order for the policy to work.
You can click on Guardian CA certificate in the text displayed and download the certificate ready for import into browsers. See Managing HTTPS Inspections for more information about how to import the certificate.
You must specify the order Guardian applies HTTPS inspection policies
Go to the Guardian > HTTPS inspection > Manage policies page.
Locate the policy in the HTTPS policies panel.
Drag and drop the policy to where you want Guardian to apply it. For example, if you have created a policy which does not inspect the Google HTTPS AdSense site when accessed by marketing students, drag the policy to the top of the list of policies.
Click Save. Guardian re-orders and applies the HTTPS inspection policies and allows all users in the marketing student group to access the Google AdSense site.
Click Confirm. Guardian displays the settings you have selected. Review them and click Save to save the changes to the policy. Guardian updates the policy and makes it available on the Guardian > HTTPS inspection > Manage policies page.