For full details on how to setup and configure SSL proxy for transparent interception and transparent authentication using an SSL certificate issued from a Microsoft PKI server, please see 000008716.
1.) From the Management Console (https://<ip.address.of.proxysg>:8082) go to the Configuration tab > Policy > Visual Policy Manager > Launch. This will launch the Visual Policy Manager (VPM) application.
2.) From the Policy menu, select "Add Web Authentication Layer". You will be creating a combined object containing two request URL objexts: HTTPS, and HTTP.
3.) Right-click the Destination cell and select Set > New > Request URL.
4.) Select "Advanced Match". In the Name field, type url_scheme_https. From the Scheme drop-down list, select https.
5.) Click Add to add the Request URL Object for HTTPS.
6.) Now, repeat the same procedure to add a request URL object for HTTP.
7.) Select Advanced Match. In the Name field, type url_scheme_http. From the scheme drop-down list, select http.
8.) Click Add and then Close. You should now see both url_scheme_http and url_scheme_https in the Set Destination Object dialog.
9.) Click New > Combined Destination Object. In the Name field, type url_schemes_http_https
10.) Shift-click to select both url_scheme_http and url_scheme_https and then click Add.
11.) Click OK to add the Combined Destination Object to the Web Access Layer, and then click OK to close the Set Destination Object dialog.
12.) Right-click the Action cell and select Set.
13.) Click New and select Authenticate
14.) Specify the desired Realm and select a redirect Mode:
origin-cookie-redirect: Where the client is redirected to a virtual URL to be authenticated, and cookies are used as the surrogate credential.
origin-ip-redirect: (insecure) where the client is redirected to a virtual URL to be authenticated, and the client ip_address is used as a surrogate credential.
form-cookie-redirect: Where a form is presented to collect the user's credentials. The user is redirected to the authentication virtual URL before the form is presented.
form-ip-redirect: (insecure) where the user is redirected to the authentication virtual URL before the form is presented.
15.) In this example, the mode is set to origin-cookie-redirect
16.) Click OK to add the authentication object, and then click OK to close the Set Destination Object dialog.
17.) From the Policy menu, select Add SSL Intercept Layer.
18.) Right-click the Action cell and select Set > New > Enable HTTPS Interception.
19.) Click OK to add the interception object, and then click OK to close the Set Action Object dialog.
20.) In the Visual Policy manager, click Install Policy.