When SSL tapping is enabled on Secure Web Gateway, you can also configure support for processing HTTP2 traffic. To do this, you configure the settings of the Proxy Control event. If you do not configure HTTP2 support here, web traffic will be downgraded to HTTP/1.1 when SSL tapping is enabled.
Make sure that the rule with the Proxy Control event is placed before the rule with the SSL Tap event. Otherwise, the HTTP2 support that you configured will not take effect
- Add a new rule with the Proxy Control event.
- In the event settings, scroll down to the HTTP2.
- In the event settings, under HTTP2, select Override HTTP2 support.
- Check the Override HTTP2 support box. The two options below it will now be enabled.
- Change Support HTTP2 to Yes, and then enable Support tapping for HTTP2.
- Under Support HTTP2, select Yes. Under Support tapping for HTTP2, select Yes again.
- Save changes. All http/2 traffic will not be downgraded to http/1.1 anymore and will be tapped as received by SWG.
- Click Save Changes.
When SSL tapping is enabled on Secure Web Gateway, HTTP2 traffic can now be processed as is, without being downgraded.