If you're configuring SSL decryption for Dropbox, then you must also
configure your Dropbox clients to allow SSL traffic. These procedures
are specific and private to Dropbox — to obtain these procedures,
contact your Dropbox account representative.
Add
a custom URL category for the SaaS
application you're managing (
Objects
Custom Objects
URL Category
).
Specify a
Name
for the category.
Add
the domains specific to the SaaS application
you're managing or for which you want to insert the username and domain
in the headers. See Domains
used by the Predefined SaaS Application Types for a list of
the domains that you use for each of the predefined SaaS applications.
See Insert Username in HTTP Headers for more information on
configuring the firewall to include the username and domain in the HTTP
headers.
Each domain name can be up to 254 characters and you can identify a
maximum of 50 domains for each entry. The domain list supports
wildcards (for example,
*.example.com
). As a
best practice, do not nest wildcards (for example,
*.*.*
) and do not overlap domains within
the same URL profile.
For SaaS application management, create a
decryption policy rule and, as you follow this procedure,
configure the following:
) to include the HTTP header insertion URL Filtering
profile.
For SaaS application management, allow users to access the SaaS
application for which you're configuring this header insertion rule.
To include the username and domain in the HTTP headers, apply the URL
Filtering profile to the Security policy rule for HTTP or HTTPS traffic.
Choose the URL Filtering profile (
Actions
URL Filtering
) that you edited or created in step 2.
Click
OK
to save and then
Commit
your changes.
Verify that the firewall correctly inserts the header.
For SaaS application management, from an endpoint, confirm that access to the SaaS application
is working in the way you expect.
Try to access an account or content that you expect to be able
to access. If you cannot access the SaaS account or content,
then the configuration is not working.
Try to access an account or content that you expect will be
blocked. If you can access the SaaS account or content, then the
configuration is not working.
If both of the previous steps work as expected, then you can
View Logs (if you configured logging in step 4.4)
and you should see the recorded HTTP header insertion
activity.