Bypassing HTTPS traffic in transparent bridge mode

- Updated:
- 24 Nov 2016
- Product/Version:
- InterScan Web Security Virtual Appliance 5.6
- InterScan Web Security Virtual Appliance 6.0
- Platform:
- Virtual Appliance 4.1
- Virtual Appliance 5.1

Summary

In transparent bridge mode, you may want to bypass HTTPS traffic completely when the HTTPS decryption feature is not in use.

This means HTTPS traffic will be untouched, and InterScan Web Security Virtual Appliance (IWSVA) will simply act as a two-port switch for HTTPS traffic, thus saving IWSVA resources for other processes.

Note: This solution works for IWSVA in transparent bridge mode only.

Details

To bypass HTTPS traffic:

For IWSVA 5.6

Log in to the IWSVA shell.
Open /etc/iscan/IWSSPIProtocolHttpProxy.pni.
Locate the interested_https_port parameter and remove its value.
For example, the parameter and value ‘interested_https_port=443’ should be ‘interested_https_port='.
Restart all IWSVA services by running this command: /usr/iwss/rcIwss restart

For IWSVA 6.0

Log in to the IWSVA shell.
Open /etc/iscan/IWSSPIProtocolHttpProxy.pni.
Locate the following parameters and remove their values:
interested_https_port
redirect_https_ports_before_bypass
The parameters should appear like this:
interested_https_port=
redirect_https_ports_before_bypass=
Restart all IWSVA services by running this command: /usr/iwss/rcIwss restart

Test Now

Rating:

Category:

Configure

Solution Id:

1099668

Feedback

Did this article help you?

Thank you for your feedback!

What was the problem with this article?

The image(s) in the article did not display properly.

The article did not provide detailed procedure.

The article is hard to understand and follow.

The video did not play properly.

The article did not resolve my issue.

Others. Please specify.

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:

We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

Thanks for voting.

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:

We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.