Customizing web protection

Sometimes you may need to customize web protection settings for certain categories of traffic or certain domains. For example, you may not want to decrypt HTTPS traffic for financial services websites because they contain sensitive financial data. You also may want to skip malware scanning and Sandstorm analysis for sites that you know are low-risk. You can specify this behavior using exceptions.

Objectives

When you complete this unit, you’ll know how to do the following:
  • Create an exception that allows you to skip HTTPS decryption for a specific web category
  • Create an exception that allows you to skip scanning and Sandstorm analysis for sites that you know are low-risk

Skip HTTPS decryption

You want to skip HTTPS decryption for financial services websites.

  1. Go to Web > Exceptions and click Add an exception.
  2. Enter a name.
  3. Select Web site categories.
  4. Click Add new item and select Financial services.
  5. Click Apply selected items.
  6. Select HTTPS decryption.
  7. Click Save.

The firewall does not scan any HTTPS traffic to financial services websites.

Click the On/Off switch to turn the exception on.

Skip malware scanning and Sandstorm analysis

We want to skip malware scanning and Sandstorm analysis for websites that we know are low-risk.

  1. Go to Web > Exceptions and click Add an exception.
  2. Enter a name.
  3. Select the URL pattern matches check box.
  4. Type the following expression in the text box. 
    ^([A-Za-z0-9.-]*\.)?example\.com/
    This expression matches all “example.com” domains.
  5. Click .
  6. Select the Malware and content scanning check box.
    The Sandstorm check box is selected automatically.
  7. Click Save.

The firewall does not scan traffic to “example.com” websites for malware or perform any Sandstorm analysis on this traffic.

Click the On/Off switch to turn the exception on.