HTTPS (Hypertext Transfer Protocol over Secure Socket Layer, or HTTP over SSL) is a request/response protocol between clients and servers used for secure communications and transactions. You can use the HTTPS-proxy to secure a web server protected by your Firebox or XTM device, or to examine HTTPS traffic requested by clients on your network. By default, when an HTTPS client starts a request, it establishes a TCP (Transmission Control Protocol) connection on port 443. Most HTTPS servers listen for requests on port 443.
HTTPS is more secure than HTTP because HTTPS uses a digital certificate to encrypt and decrypt user page requests as well as the pages that are returned by the web server. Because HTTPS traffic is encrypted, the Firebox or XTM device must decrypt it before it can be examined. After it examines the content, the Firebox or XTM device encrypts the traffic with a certificate and sends it to the intended destination.
You can export the default certificate created by your Firebox or XTM device for this feature, or import a certificate for the device to use instead. If you use the HTTPS-proxy to examine web traffic requested by users on your network, we recommend that you export the default certificate and distribute it to each user so that they do not receive browser warnings about untrusted certificates. If you use the HTTPS-proxy to secure a web server that accepts requests from an external network, we recommend that you import the current web server certificate for the same reason.
When an HTTPS client or server uses a port other than port 443 in your organization, you can use the TCP/UDP proxy to relay the traffic to the HTTPS-proxy. For information on the TCP/UDP proxy, see About the TCP-UDP-Proxy.
To add the HTTPS-proxy to your XTM device configuration, see Add a Proxy Policy to Your Configuration.
If you must change the proxy definition, from the
On the Settings tab, you can set basic information about a proxy policy, such as whether it allows or denies traffic, create access rules for a policy, or configure policy-based routing, static NAT, or server load balancing. The Settings tab also shows the port and protocol for the policy, as well as an optional description of the policy. You can use the settings on this tab to set logging, notification, automatic blocking, and timeout preferences.
If Application Control is enabled on your device, you can set the action this proxy uses for Application Control.
For more information, see Enable Application Control in a Policy.
On the Traffic Management tab, you can select the Traffic Management action for the policy. You can also create a new Traffic Management action. For more information about Traffic Management actions, see Define a Traffic Management Action in v11.8.x and Lower and Add a Traffic Management Action to a Policy.
To apply a Traffic Management action in a policy:
You can choose a predefined proxy action or configure a user-defined proxy action for this proxy. For more information about how to configure proxy actions, see About Proxy Actions.
To configure the proxy action:
For the HTTPS-proxy, you can configure these categories of settings for a proxy action:
On the Scheduling tab, you can specify an operating schedule for the policy. You can select an existing schedule or create a new schedule.
The Advanced tab includes settings for NAT, QoS, multi-WAN, and ICMP options.
To edit or add a comment to this proxy policy configuration, type the comment in the Comment text box.
For more information on the options for this tab, see:
About Proxy Policies and ALGs