Create a Post
Showing results for 
Search instead for 
Did you mean: 

Best practice to exempt sites from HTTPS inspection


what is best practice to exclude sites - identified by hostname - from https inspection?

We cannot use host objects as the ip addresses behind the FQDNs can change without notice.

We would like to use FQDN (R80.10) objects, but unfortunately it seems they are NOT supported in HTTPS inspection policy. Is there a plan to implement this?

So we are ending up with creating custom URLs? But this will still have some impact on the (at least 1st) HTTPS connection to this destination as the firewall has to check the first packet for URL.

Any thoughts?

3 Replies
This widget could not be displayed.