In SSLV 4.x versions prior to v18.104.22.168, the unsupported-sites list contains domains of sites known to have issues with SSL Visibility inspection rules, and a cut-through rule was recommended for this list so that SSL Visibility would not try to inspect them. The list contained Symantec-based sites as well as other known sites that had issues.
Starting with v22.214.171.124, the unsupported-sites list included in the release will contain the Symantec-based sites only. Domain names that do not reference the Symantec family of domains have been removed from the unsupported-sites list. The domains removed are the following:
With this change, customers will need to create a custom domain name list of non-Symantec unsupported sites and create a cut-through rule for this list. Refer to the list above for sites that may need to be included in your list. The sites you choose to include are based on your company’s security posture, environment, supported client applications, and other factors contributing to the security policy, including the decision to cut through sites uninspected.
Note that the unsupported-sites list of Symantec domains will be maintained by Symantec and will automatically be updated in future releases when necessary. This list is not editable by the user, but is viewable in the WebUI. Customers are responsible for maintaining their own custom domain list of unsupported sites, using KB INFO5078 as a reference.
Note: To avoid any site availability issues, Symantec recommends this policy change be made prior to upgrading to SSLV 126.96.36.199 or higher versions.
Before upgrading to v188.8.131.52, do the following:
You can now upgrade to v184.108.40.206. After upgrading, go to the WebUI, look at the unsupported-sites list and confirm that it now contains only the Symantec-related domains.
Following an upgrade to 220.127.116.11 (or higher), if a customer has a rule configured with a cut through action using the built-in unsupported-sites list, connections to any domains that were removed from the list will no longer be cut through. This change may result in connections to those domains failing. If the customer has any rule that uses the unsupported-sites list, the action of that rule will not be taken for any domains removed from the list.