Skip to content
The XG Series hardware appliances will reach end-of-life (EOL) on March 31, 2025. Click here to see the XG to XGS migration documentation.

Customize web protection

Sometimes you may need to customize web protection settings for certain categories of traffic or certain domains. For example, you may not want to decrypt HTTPS traffic for financial services websites because they contain sensitive financial data. You also may want to skip malware scanning and Zero-day protection analysis for sites that you know are low-risk. You can specify this behavior using exceptions.

Objectives

When you complete this unit, you'll know how to do the following:

  • Create an exception that allows you to skip HTTPS decryption for a specific web category
  • Create an exception that allows you to skip scanning and Zero-day protection analysis for sites that you know are low-risk

Skip HTTPS decryption

You want to skip HTTPS decryption for financial services websites.

  1. Go to Web > Exceptions and click Add an exception.
  2. Enter a name.
  3. Select Web site categories.
  4. Click Add new item and select Financial services.
  5. Click Apply selected items.

    Category to exclude from decryption.

  6. Select HTTPS decryption.

    Select HTTPS decryption.

  7. Click Save.

The firewall won't scan any HTTPS traffic to financial services websites.

To turn on the exception, select the switch.

Skip malware scanning and Zero-day protection analysis

You want to skip malware scanning and Zero-day protection analysis for websites that you know are low-risk.

  1. Go to Web > Exceptions and click Add an exception.
  2. Enter a name.
  3. Select the URL pattern matches check box.
  4. Type the following expression in the text box.

    ^([A-Za-z0-9.-]*\.)?example\.com/
    

    This expression matches all “example.com” domains.

  5. Click Add Add button..

    URL pattern for malware scanning.

  6. Select Malware and content scanning. Zero-day protection is selected automatically.

    Select malware and content scanning.

  7. Click Save.

The firewall won't scan traffic to example.com websites for malware or perform any Zero-day protection analysis on this traffic.

To turn on the exception, select the switch.

More resources