You may already be using the CPL policy detect_protocol.ssl(no) to bypass certain sites from SSL interception.
Since SGOS 6.5, the SSL proxy is able to handle other protocols apart from HTTPS. (see the CPL Guide for more information on other protocols).
After upgrading to SGOS 6.5
In order to bypass SSL Interception for certain sites, you can use ssl.forward_proxy(no) (within an SSL-Intercept layer) instead of detect_protocol.ssl(no) (within a Proxy layer). In the VPM, the CPL gesture ssl.forward_proxy(no) is called Disable SSL Interception.
If you wish to continue using detect_protocol.ssl(no) due to issues beyond SSL Interception (such as certificate look-up failure), update the CPL to:
Note: If ProxySG is running SGOS release 220.127.116.11, 18.104.22.168, 22.214.171.124 or 126.96.36.199 change 'detect_protocol [ssl,https](no)' to 'detect_protocol [ssl,https,sips,sip](no)'. See article TECH246796 for more details.
As of SGOS version 188.8.131.52 and later, in the VPM, when setting the Disable SSL Detection Object to the "All Tunneled Traffic" option, it will automatically include the new HTTPS option as described above. However, this is not automatically added to existing policy upon an upgrade. You would need to manually set this object in policy to include the new HTTPS option.
Here are the steps for setting this object in the VPM: