Hi,
There is certificate pinning. But I don't want to inspect. Bypass should work as I see certificate cn.
Yes, bypass works for IP addresses.
According to: sk104717 in R80.30 probe bypass was introduced - enabled by default.
Bypass mechanism was improved to better reflect policy and resolve the above limitations:
- Stop the inspection of the first connection to bypassed sites.
- Allow bypass of Non-Browser Applications connections.
- Allow Bypass of connections to servers that require client certificate.
- New probing mechanism eliminates the need to inspect the first connection to an IP address unless it is required by the policy.
Limitation.
HTTPS Inspection will not work for sites that require SNI (Server Name Indication) extension in the SSL "Client hello" packet. (Server Name Indication is an extension to the Transport Layer Security (TLS) computer networking protocol by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process.)
There is SNI inside Client Hello, but I do not want to inpsect. I want to bypass so this limitation is irrelevant.
Best Regards
Maciej