Exempt traffic from SSL Interception in Cloud SWG (formerly known as WSS)
search cancel

Exempt traffic from SSL Interception in Cloud SWG (formerly known as WSS)


Article ID: 169172


Updated On:


Cloud Secure Web Gateway - Cloud SWG


You need to exempt traffic from SSL Interception in Cloud SWG.  For example, Banking and Healthcare categorized sites are often exempted for compliance reasons.


Cloud SWG (formerly WSS - Web Security Service)


To add a destination or source to SSL Interception exemptions:

  1. Log in to your Cloud SWG Portal account
  2. Select "Policy > TLS/SSL Interception > TLS/SSL Interception Policy" 
  3. Select "+ Add Rule"
a > Sources > Add Sources (Users, Groups, IPs/Subnets, Locations, Deployment types, etc.)
b > Destinations > Add Destinations (Categories, Domains/URLs, IPs/Subnets, etc.)
      4. Once the Source and/or Destination has been set, Set Verdict to "Do Not Intercept"
      5. Select Add Rule
      6. Select "Activate Policy" to activate the changes.

For additional information on SSL Interception, please visit the following topic: 
About Scanning Encrypted Traffic

: After the SSL exemptions are added to the list, Cloud SWG will NOT SSL-decrypt traffic from these sources or to these destinations.  Currently, traffic sent from a mobile device (iOS or Android) is always exempted from SSL Interception.

Additional Information

Note: Please make sure SSL exception rule is added on top of SSL interception rule (if any for the same URL or category) in order to take priority.