How to add a bypass or cut-through rule in SSL Visibility Appliance for an IP address list

book

Article ID: 169232

calendar_today

Updated On:

Products

SSL Visibility Appliance Software

Issue/Introduction

In the SSL Visibility Appliance an SSL Decryption bypass rule is referred to as a Cut-Through or Cut Through action.  This can be used to select a destination or source IP list that will bypass or Cut Through instead of decrypting the traffic.

 

Resolution

To create a Cut-Through rule for a list of IP addresses perform the following:

Part 1 - Create an IP list of IPs / Subnets to be bypassed:
  1. Policies > IP Address List > In the top section IP Addresses Lists click on the plus button (+) to add a new entry and create a name.
  2. Click the new IP Address List entry and on the bottom box IP Addresses click the plus button (+) to add each IP or Subnet Entry
  3. Click the Policy Changes Apply button at the bottom of the screen to commit this change.

Part 2 - Modify the Ruleset for your desired segment or create a new ruleset.  
  1. Policies Rulesets > Find the ruleset for your desired segment or click on the plus button (+) to create a new ruleset.
  2. Highlight the ruleset and in the Rules section at the bottom click on the plus button (+) to add a new Rule.  
  3. In the Insert Rule menu change the Action to Cut Through 
  4. To set a destination IP list (or source IP list)  select Destination IP List  and select the IP Address List created in Part 1.
  5. If you want to change the rule order to move it up in priority, highlight the rule and use the UP arrow.
  6. Click the Policy Changes Apply button at the bottom of the screen to commit this change.

NOTE:  To change the ruleset applied to a segment:
  1. Policies > Segments > In Segments highlight the segment you want to change and click the pencil icon to edit the segment.
  2. In the Ruleset drop down menu, drop it down to select the new ruleset and click OK
  3. ​Click the Policy Changes Apply button at the bottom of the screen to commit this change.