I have a key question about the functionality of the SSL Inspector app and the default rule set.
What we don’t understand is why the default inspection rules list what we would have thought of as trusted locations, i.e. google.com, yahoo.com etc. Would not disguised SSL attacks be coming from less reputable / niche URL locations?
I do see an “Inspect all Traffic” rule, but having watched the Tech Talk webinar, it is advised not to enable this rule due to various technical restrictions imposed by how Google / Chrome certificates work. This seems at odds with what I understand the SSL Inspector sets out to achieve. A counterpoint to this Google-specific rationale for omitting a scan all rule is that the default rules do actually include a Google inspection rule.
As a consequence, it appears that we have to add SSL rules for every single site to inspect manually, which is not viable considering the scope of legitimate sites visited by users on the network (not to mention the worst case scenarios of malicious or improper usage).
With the above in mind, it is almost sensible that we don’t need to set this up.
Any advice / recommendations on the use-case and configuration of the SSL Inspector app would be greatly appreciated.
Cheers,
Adam.