AnsweredAssumed Answered

Best practice to exempt sites from HTTPS inspection

Question asked by Markus Marquardt on Apr 25, 2018
Latest reply on May 2, 2018 by Kyle Danielson


what is best practice to exclude sites - identified by hostname - from https inspection?

We cannot use host objects as the ip addresses behind the FQDNs can change without notice.

We would like to use FQDN (R80.10) objects, but unfortunately it seems they are NOT supported in HTTPS inspection policy. Is there a plan to implement this?

So we are ending up with creating custom URLs? But this will still have some impact on the (at least 1st) HTTPS connection to this destination as the firewall has to check the first packet for URL.

Any thoughts?