Disable SSL interception for single IP or Subnet in Edge SWG( ProxySG) policy.
book
Article ID: 234915
calendar_today
Updated On:
Products
ProxySG Software - SGOS
Issue/Introduction
SSL interception can be disabled for a single client IP or for a subnet in CPL or VPM policy.
SSL interception can also be disabled for a single URL/Domain using CPL or VPM policy , With KB-166365.This will not Impact SSL Interception for other URLs or Domains.
Environment
Release :
Component :
Resolution
Disable SSL interception through the VPM:
Log in to the Management Console (https://<IP_address>:8082).
In Legacy console Select Configuration > Policy > Visual Policy Manager. Click Launch. In New Admin Console Click Visual Policy Manger option in the top right corner of the Proxy Admin Console GUI.
In the VPM, select Policy > Select SSL Intercept Layer.
Click Add Rule.
Right-click the source field and select Set. In the Web VPM instead of right click do a left click.
Click New and select client IP/Subnet Object. Specifies the client IPv4 or IPv6 address then click Add. (You can use subnet as well)
If you want to disable SSL for clients for only a certain destination. a. Right-click the Destination field and select Set. In the Web VPM instead of right click do a left click. b. Click New and select Request URL Object. c. Enter URL in the URL field and then click Add.
Right-click the Action column, select Set > Disable SSL interception.
Click Install Policy. Your new policy has been installed.