Disable SSL interception for single IP or Subnet in Edge SWG( ProxySG) policy.
search cancel

Disable SSL interception for single IP or Subnet in Edge SWG( ProxySG) policy.

book

Article ID: 234915

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction


SSL interception can be disabled for a single client IP or for a subnet in CPL or VPM policy.


SSL interception can also be disabled for a single URL/Domain using CPL or VPM policy , With KB-166365.This will not Impact SSL Interception for other URLs or Domains.

Environment

Release :

Component :

Resolution

Disable SSL interception through the VPM:

  • Log in to the Management Console (https://<IP_address>:8082).
  • In Legacy console Select Configuration > Policy > Visual Policy Manager. Click Launch. In New Admin Console Click Visual Policy Manger option in the top right corner of the Proxy Admin Console GUI.
  • In the VPM, select Policy > Select SSL Intercept Layer.
  • Click Add Rule.
  • Right-click the source field and select Set. In the Web VPM instead of right click do a left click.
  • Click New and select client IP/Subnet Object. Specifies the client IPv4 or IPv6 address then click Add.
    (You can use subnet as well)

       If you want to disable SSL for clients for only a certain destination. 
           a. Right-click the Destination field and select Set. In the Web VPM instead of right click do a left click.
           b. Click New and select Request URL Object.
           c. Enter URL in the URL field and then click Add.

  • Right-click the Action column, select Set > Disable SSL interception.
  • Click Install Policy. Your new policy has been installed.