If you are configuring SSL decryption for Dropbox,
then you must also configure your Dropbox clients to allow SSL traffic.
These procedures are specific and private to Dropbox — to obtain
these procedures, contact your Dropbox account representative.
Add a Custom URL
Category for the SaaS application you are managing (ObjectsCustom ObjectsURL Category).
Specify a Name for the category.
Add the domains specific to
the SaaS application you are managing or for which you want to insert
the username and domain in the headers. See Domains
used by the Predefined SaaS Application Types for a list
of the domains that you use for each of the predefined SaaS applications.
See Insert Username in HTTP Headers for more information
on configuring the firewall to include the username and domain in
the HTTP headers.
Each domain name can be up to 254 characters and you can
identify a maximum of 50 domains for each entry. The domain list
supports wildcards (for example, *.example.com).
As a best practice, do not nest wildcards (for example, *.*.*)
and do not overlap domains within the same URL profile.
For SaaS application management, Create
a Decryption Policy Rule and, as you follow this procedure,
configure the following:
In the Service/URL Category tab, Add the URL
Category that you created in the previous step.
In the Options tab, make sure the Action is
set to Decrypt and that the Type is
set to SSL Forward Proxy.
Select HTTP Header Insertion in
the URL Filtering Profile dialog.
Add an entry.
Specify a Name (up
to 100 characters) for this entry.
Select a predefined Type.
This populates the Domains and Headers lists.
For each Header, enter a Value.
(Optional) Select Log to
enable logging of insertion activity for the headers.
Allowed traffic is not logged, so header insertions are not
logged for allowed traffic.
Click OK to save your changes.
Add or edit a Security
Policy rule (PoliciesSecurity) to include the HTTP
header insertion URL filtering profile.
For SaaS application management, allow users to access
the SaaS application for which you are configuring this header insertion
rule.
To include the username and domain in the HTTP headers, apply
the URL filtering profile to the security policy rule for HTTP or
HTTPS traffic.
Choose the URL filtering profile (ActionsURL Filtering)
that you edited or created in Step 2.
Click OK to save and then Commit your
changes.
Verify that the firewall correctly inserts the header.
For Saas application management, from an endpoint,
confirm that access to the SaaS application is working in the way
you expect.
Try to access an account or content that you
expect to be able to access. If you cannot access the SaaS account
or content, then the configuration is not working.
Try to access an account or content that you expect will be
blocked. If you can access the SaaS account or content, then the
configuration is not working.
If both of the previous steps work as expected, then you can View
Logs (if you configured logging in step 4.4) and you should
see the recorded HTTP header insertion activity.