Customize web protection
Sometimes you may need to customize web protection settings for certain categories of traffic or certain domains. For example, you may not want to decrypt HTTPS traffic for financial services websites because they contain sensitive financial data. You also may want to skip malware scanning and Zero-day protection analysis for sites that you know are low-risk. You can specify this behavior using exceptions.
Objectives
When you complete this unit, you'll know how to do the following:
- Create an exception that allows you to skip HTTPS decryption for a specific web category
- Create an exception that allows you to skip scanning and Zero-day protection analysis for sites that you know are low-risk
Skip HTTPS decryption
You want to skip HTTPS decryption for financial services websites.
- Go to Web > Exceptions and click Add an exception.
- Enter a name.
- Select Web site categories.
- Click Add new item and select Financial services.
-
Click Apply selected items.
-
Select HTTPS decryption.
-
Click Save.
The firewall won't scan any HTTPS traffic to financial services websites.
To turn on the exception, select the switch.
Skip malware scanning and Zero-day protection analysis
You want to skip malware scanning and Zero-day protection analysis for websites that you know are low-risk.
- Go to Web > Exceptions and click Add an exception.
- Enter a name.
- Select the URL pattern matches check box.
-
Type the following expression in the text box.
^([A-Za-z0-9.-]*\.)?example\.com/
This expression matches all “example.com” domains.
-
Click Add .
-
Select Malware and content scanning. Zero-day protection is selected automatically.
-
Click Save.
The firewall won't scan traffic to example.com
websites for malware or perform any Zero-day protection analysis on this traffic.
To turn on the exception, select the switch.
More resources