Lab 2: URL Category-based Decryption Bypass¶

In this lab exercise, you will bypass SSL decryption based on requests to URLs categorized as financial services web sites.

Estimated completion time: 25 minutes

Objectives:

Apply a new Per-Request Policy to bypass SSL decryption for specific URL categories
Test web browsing behavior

Lab Requirements:

Task 1 – Copy and configure new Per-Request Policy¶

Copy the Lab_Per_Request Per Request Policy by browsing to Access Policy > Per-Request Policies and click Copy
Name the copy Lab_Per_Request_SSL_Bypass
Edit the new Per-Request Policy by clicking Edit, then go to the VPE tab in your browser
Modify the Encrypted Category Lookup object to include a branch for SSL Bypass:
Click on the existing Category Lookup object
On the Properties tab, change the name to Encrypted Category Lookup
Click to access the Branch Rules tab
Click Add Branch Rule and name it Banks
Click Change to modify the Expression of this new Branch Rule
Click Add Expression
Change Agent Sel: to Category Lookup
Change Category is: to Financial Data and Services
Click Add Expression
Click Finished
Click Save
Add an SSL Bypass Set object (from the General Purpose tab) on the Banks branch of the Encrypted Category Lookup
Click Save
Add an SSL Intercept Set object (from the General Purpose tab) on the “fallback” branch of the Encrypted Category Lookup
Click Save
Add a URL Filter object on the SSL Bypass Branch; select the LAB_URL_FILTER URL filter previously created in Lab1
Click Save
Change the Allow branch to an ending of Allow

Open Internet Explorer on your Jump Host client machine
Browse to http://www.wellsfargo.com
The browser should prompt you for authentication. Submit your credentials.
User: user1
Password: AgilityRocks!
Verify the site loads correctly and inspect the SSL certificate to confirm that it is originated from Wells Fargo and SSL Bypass was enabled

Previous Next