On our internal network, we have our Windows domain, along with some non-domain devices and wireless devices connecting via 802.1x on the same network. I currently have the internal network web protection profile set up to decrypt and scan SSL content. This causes an issue with Android or other mobile devices unless I install the CA cert on each device (not practical in this situation). Is there a way to disable SSL scanning just for devices that don't authenticate via AD?
The profile is set up as follows:
Allowed Networks: Internal
Mode: Transparent
Default Authentication: AD SSO
Device-specific Auth is set to None for everything other than Windows.
For Policies, I have several policies tied to AD groups for different company departments, then I have one at the bottom for "Guests" (Users/Groups set to Any). The devices that don't authenticate grab the "Guests" policy as expected, but obviously I can't tell the policy to change HTTPS scanning mode.
Is it possible to use multiple profiles for the same interface so devices that don't authenticate won't have HTTPS traffic sent through the proxy?