Exempt traffic from SSL Interception in Cloud SWG (formerly known as WSS)
search cancel

Exempt traffic from SSL Interception in Cloud SWG (formerly known as WSS)

book

Article ID: 169172

calendar_today

Updated On:

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

You need to exempt traffic from SSL Interception in Cloud SWG.  For example, Banking and Healthcare categorized sites are often exempted for compliance reasons.

Environment

Cloud SWG (formerly WSS - Web Security Service)

Resolution

To add a destination or source to SSL Interception exemptions:

  1. Log in to your Cloud SWG Portal account
  2. Select "Policy > TLS/SSL Interception > TLS/SSL Interception Policy" 
  3. Select "+ Add Rule"
a > Sources > Add Sources (Users, Groups, IPs/Subnets, Locations, Deployment types, etc.)
b > Destinations > Add Destinations (Categories, Domains/URLs, IPs/Subnets, etc.)
 
      4. Once the Source and/or Destination has been set, Set Verdict to "Do Not Intercept"
      5. Select Add Rule
      6. Select "Activate Policy" to activate the changes.


For additional information on SSL Interception, please visit the following topic: 
About Scanning Encrypted Traffic


Note: After the SSL exemptions are added to the list, Cloud SWG will NOT SSL-decrypt traffic from these sources or to these destinations.  Currently, traffic sent from a mobile device (iOS or Android) is always exempted from SSL Interception.

Additional Information

Note: Please make sure SSL exception rule is added on top of SSL interception rule (if any for the same URL or category) in order to take priority. 

For SSL interception policy on UPE (Management Center) please click link below:
Cloud SWG UPE: Enable TLS/SSL Interception

Powered by Wolken Software