I'm currently trying to clean up a policy that's been in place for several years. It was built under R80.20 and has a huge number of rules on the HTTPS policy, most of which are bypass rules. There are several that bypass based on destination IP, things like web-based license servers (e.g. Autodesk), but the majority bypass based on custom applications that contain a list of URLs (things like Webex, Dropbox and even AWS). Whilst I'm aware that this is probably the best way to do it, I'm wondering if all of these are needed now that it's all R81.20, which handles HTTPS inspection much better than R80.20 used to.
Has anyone got any thoughts or advice on this at all? I'm thinking about possibly removing a fair amount of these and monitoring/re-adding them if necessary later.
Thanks in advance!