Create HTTPS Inspection Policies

This article applies to our On-Premise Appliance Filter and Firewall product only, not to Cloud.

 

Smoothwall inspects page headers to block access to unsafe or distracting content when using Web Filter Policies. With HTTPS inspection, Smoothwall scans all content in the whole web page, resulting in better filtering.

Before you begin

  • Ensure you have added a HTTPS certificate. When saving your policy changes, you can select Guardian CA certificate in the banner to download it, for users to import into their browsers.
  • Go to Guardian > HTTPS inspection > Manage policies and ensure a HTTPS inspection policy does not already exist for the category you want to use.

Create a policy

Go to Guardian > HTTPS inspection > Policy wizard, or go to Guardian > HTTPS inspection > Manage policies and select Create a new policy.

Work through each section from the top of the page to the bottom. Manage the items in your policy by selecting Add or Remove. Select Next or the down arrow to expand each step.

  1. In the Who section, select who the policy applies to. Select either:
    • Everyone to apply to all users
    • One or more User Groups
    • The single user icon and enter a username (not available in Cloud Filter)
  1. In the What section, select the type of content to be actioned by the policy. Select either:

Important: To prevent issues with the policy not applying or (if applied to Everything), having unintended effects, you must make sure your policies are targeted to the right thing. Check what to target using the Categories and Content Modifications lists.

  1. In the Where section, select where the policy should apply. Select either:
  1. In the When section, select when the policy should apply from your list of Time slots.
  1. Use the Action selector to choose how the policy should work:
    • Create a policy folder.
    • Decrypt and inspect: Examine encrypted traffic to identify threats and block inappropriate content within the page, not just the header.
    • Validate certificate only: Smoothwall won’t decrypt or inspect, but it will check if the destination server's Transport Layer Security (TLS) certificate is valid.
    • Do not inspect: Smoothwall won’t decrypt, inspect or check certificate validity.
  2. Ensure Enable policy is selected.
  3. Select Confirm.
  4. On the next page:
    • You can download the certificate for users to import into their browsers by selecting Guardian CA certificate in the banners.
    • Select Save.
  5. Go to Guardian > HTTPS inspection > Manage policies to see the new policy at the bottom of the policy table. Policies are applied in order from top to bottom, so you may need to reorder them.

Manage Policy folders

Policy folders can help you organise policies, such as by grouping policies by User Group. Anything entered into the Who, What, Where, and When fields of a Policy folder applies to all policies within that folder.

Important

  • You can’t move existing policies into folders, so you would need to delete any existing policies, then recreate them within the folder.
  • You can’t create sub-folders.
  • Check your folders carefully to ensure you don’t have contradicting policies.

 

Create a Policy folder

  1. Go to Guardian > HTTPS inspection > Policy wizard or Guardian > HTTPS inspection > Manage policies and select Create a new policy.
  2. Fill in or leave blank the Who, What, Where and When fields.
  3. Select Create policy folder as the Action.
  4. Ensure the Enable policy checkbox is selected.
  5. Select Confirm.
  6. On the next page, select Save.

Add policies to the folder

  1. Go to Guardian > HTTPS inspection > Manage policies.
  2. Select the folder icon.
  3. Fill out the Who, What, Where, When, and Action as required. Any fields set for the Policy folder will apply and can’t be edited.
  4. Ensure the Enable policy checkbox is selected.
  5. Select Confirm.
  6. On the next page, select Save.