Hi, In a scenario with 3rd party web proxy(bluecoat) in place, how would the https traffic be handled by sandblast appliance. Considering bluecoat itself is doing https inspection first.
Have a look at sk111306 and install JHF 284 or newer which includes the ICAP server feature.
There is not much information, how you want (or have) implemented the Sandblast appliance.
So just to keep it general:
If you want the https traffic to be inspected there has to be ssl-inspection active. Detail configuration for that depends on the implementation (sandblast before proxy or after).
Other way would be to use ICAP-client on proxy to speak with ICAP-server on Sandblast appliance.
I wish to implement the sandblast appliance to intercept https traffic for Sandboxing. I would like to deploy the Sandblast appliance after proxy towards internet and using fail open card.
Sent from my iPhone
Hmmm. So you want two devices to break open SSL traffic independently?
This is the sort of stuff I would advise if you want nightmares.
It will be slow to the users and the likely hood you will get into negotiate trouble is big.
I can only say that Hugo is right here and ICAP is the much better way to move forward!
If we plan for ICAP then the proxy will act as a ICAP client and will send the traffic to sandblast(ICAP server).
But how would the https traffic work in ICAP scenario. Will proxy send the decrypted packet to sandblast and wait for verdict from sandblast by holding the connection.
That's the basic idea.
In addition this helps getting you started on the BC side:
ProxySG ICAP Integration
Retrieving data ...