Apply both SSL inspection and URL filtering

The URL filtering category and the SSL inspection exclusion category are set in the URL category setting.
I have a URL that I want to allow with URL filtering and want to exclude SSL inspection, but when I look at the log, it seems that only the SSL inspection exclusion category is applied.

Does anyone know how to apply it to both categories?

Is it possible to apply multiple URL categories to one communication?

If you create a URL category for SSL exceptions, make sure you configure the SSL exceptions under the URLs retaining parent category.

Also if you bypass URL’s for inspection. The action is Do not Inspect. Make sure that you select Evaluate Other Policies if you want certificate and URL filtering policy to be enforced.

With the new SSL policy it is also possible to add SSL exceptions to a IP/FQDN group instead of using a Customer URL category. This way you don’t have any conflict with existing URL categorization.

You can do this by creating a destination group based on IP, FQDN or Wildcard Domains.
Then instead of URL category you select Destination Group in the SSL policy.

1 Like