Can someone let me know how to allow staff to type in gmail.com in their browser and not get the attached "common name mismatch" error? I imagine it is simple, but I am pretty inexperienced with the MWG policy editing. I am able to get it to work if I simply add gmail.com to the global whitelist, but that is not an ideal solution. Thanks.
It is better if you use a bypass rule with a "Stop Rule Set" action for gmail.com in the Certification Verification ruleset rather than using the global whitelist.
The default global whitelist uses the Stop Cycle action, which stops the checking of the traffic against the other rules.
This means it bypasses your DLP ruleset and AV scanning, among others. But this is also a temporary workaround. You must divulge more into why you receive the CN error.
Haven't tested this, but what if you added a rule something like this?
Criteria: URL.Host.BelongsToDomains (gmail.com) equals true
Events: Set URL.Host = "mail.google.com"
When someone puts www.gmail.com into their web browser, MWG would change that to mail.google.com before you reach certificate verification so the certificate CN should then match.
This would need to go above the certificate verification rules in the SSL Scanner rule set.
Having this same issue too. We're on the 7.4.2 beta (to address a different, although similar issue), so it might be something that needs to go back to Engineering.
I tried the rule suggested by btlyric above, but it sent the browser into a loop. Seems that www.gmail.com is a CNAME for mail.google.com, but the MWG doesn't like that the cert presented isn't the one that is initially requested.
Will see what PS has to say about this.
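Why the CNAME does not make the error go away, as an added example that is not part of the thread: certificate verification compares the certificate's names with the host name that was requested, not with the name DNS resolves it to. The matcher below follows the usual RFC 6125 wildcard rules; the function names are hypothetical, and the alias table and certificate name lists are constructed sample data, not the real Google certificate.

```python
# Added example: host name verification as done during certificate checks.
# All DNS and certificate data here is constructed for illustration.

def name_matches(host, pattern):
    """Match one certificate name (optionally '*.' wildcard) against a host."""
    h = host.rstrip(".").lower().split(".")
    p = pattern.rstrip(".").lower().split(".")
    if len(h) != len(p):
        return False  # a wildcard covers exactly one label, never several
    if p[0] == "*":
        # wildcard must be the whole left-most label; reject "*.com" style names
        return len(p) >= 3 and h[1:] == p[1:]
    return h == p

def verify_host(requested_host, cert_names):
    """True if any name in the certificate covers the requested host."""
    return any(name_matches(requested_host, n) for n in cert_names)

def check_through_alias(requested_host, dns_aliases, certs_by_server):
    """Follow CNAMEs to find the server, but verify against the requested name."""
    server, seen = requested_host, set()
    while server in dns_aliases and server not in seen:  # guard against loops
        seen.add(server)
        server = dns_aliases[server]
    cert_names = certs_by_server.get(server, [])
    return server, verify_host(requested_host, cert_names)

# Constructed sample data: the alias described in the thread, and a
# certificate that only names the alias target.
DNS_ALIASES = {"www.gmail.com": "mail.google.com"}
CERTS = {"mail.google.com": ["mail.google.com"]}

if __name__ == "__main__":
    for host in ("www.gmail.com", "mail.google.com"):
        server, ok = check_through_alias(host, DNS_ALIASES, CERTS)
        print(f"{host} -> served by {server}: "
              f"{'match' if ok else 'common name mismatch'}")
```

With this sample data the mismatch disappears only when the certificate presented for the requested name actually lists that name, or when the request is made for the name the certificate already covers.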