For certain types of policies you create, Barracuda Content Shield performs SSL Inspection of HTTPS traffic. SSL Inspection involves decrypting, inspecting and re-encrypting web traffic at the URL level, enabling fine grained control over the use of web-based applications. With SSL Inspection, the content of a URL over HTTPS can be scanned, allowing BCS to apply policies at the URL level for traffic from endpoints running the BCS agent.
Barracuda Content Shield performs SSL Inspection on URLs that users visit ONLY if you create a URL-specific policy or enable the SafeSearch feature. SSL Inspection is applied by the BCS agent on the endpoint machine. On the ADVANCED FILTERING page, you can choose to create URL-specific policies or configure SafeSearch per User, Group, or for Everyone.
For example, suppose you want to allow traffic to Google.com, but you want to block Google chat or Google hangouts. If you create a URL policy in BCS for google.com/chat, for example, then BCS will perform SSL inspection for the entire Google domain.
Important notes:
- Since SSL Inspection is a resource-intensive task, performance of the endpoint machine(s) of a user or users specified for a URL policy could be affected. Because of this, the administrator should be careful to only apply URL policies to specific users, unless the policy should be applied to a group or to everyone. If all endpoint machines are fast, performance may not be affected by SSL Inspection.
- SSL Inspection cannot be applied by Category. If you want to create a policy for browsing YouTube, for example, you must create a URL rule for Youtube.com.