Modify rules and policies from Log viewer
You can edit web policies, NAT and firewall rules, and IPS policies from the Log viewer as follows:
-
Exclude a website or web category from decryption:
- Select SSL/TLS inspection from the module drop-down menu.
- Scroll to the right to the Manage column and select Exclude.
-
Select an option from the following list in the pop-up window and then select Exclude.
-
Subdomain or Domain: Domains and subdomains are added to the URL group Local TLS exclusion list.
The list appears under Categories and websites in SSL/TLS inspection rules.
-
Web category: Web categories are added to the rule Exclusions by website or category.
The list appears on the SSL/TLS inspection rules' list page.
-
Other properties: Select the SSL/TLS inspection rule to specify other objects, such as usernames and IP addresses.
-
Note
The Exclude option isn't shown for traffic with error IDs
19004
(allowed traffic) and19005
(blocked by a web policy). -
Remove a signature for an IPS policy: Click a signature ID and select Disable signature for this IPS policy.
-
Edit a rule or policy: When you click a web policy, NAT rule, or firewall rule, you can follow a link back to the web admin console to edit the policy or rule.