Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
championc1
Explorer

Can I totally bypass HTTPS inspection for a particular URL ?

Can I create a Security Rule to allow HTTPS to a specific Domain and totally bypass HTTPS inspection for a particular URL, rather than creating a Bypass Action rule in the HTTPS Inspection Policy ?

I want to permit access to a particular external URL without the possibility of HTTPS inspection doing something.  We have had several instances recently where the Bypass action rule has stopped working, leading to all of the traffic being inspected, which then breaks access to the external website.

I found that I needed to re-push the policy with Threat Prevention ticked in order to get the Bypass Action rules to start working again

0 Kudos
4 Replies
the_rock
Legend
Legend

Well, you can create a rule allowing access to that domain using say domain object or custom url object, as long as you have urlf blade enabled in network layer. I cant guarantee that would work, but you can certainly give it a go.

Andy

0 Kudos
the_rock
Legend
Legend

I should have clarified...if you have separate urlf ordered layer, thats where I would create the rule.

Andy

0 Kudos
PhoneBoy
Admin
Admin

Yes, that's why we have an HTTPS Inspection policy.
However, the decision to bypass inspection cannot be made on a full URL, but only on a specific host.
The reason: most web connections are HTTPS and access to the URL requires full HTTPS Inspection (the very thing you're trying to avoid).
If you use an App Control category or Custom Application/Site in your policy, this requires App Control.

A screenshot of your actual HTTPS Inspection policy might be helpful along with version/JHF information.

the_rock
Legend
Legend

Good points!

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events