Fortinet black logo

Administration Guide

Home FortiSASE Administration Guide

Exempting hosts and URL categories from deep inspection

Exempting hosts and URL categories from deep inspection

In some scenarios, you may not want to perform SSL deep inspection and simply choose to trust the connections or the user initiating the connections. In this case, certificates of the hosts and URL categories are inspected but contents are not decrypted for inspection. Thus, security scanning of encrypted traffic for exempted hosts and websites matching exempted URL categories are not performed.

For example, for banking-related traffic, most end users do not want deep inspection applied out of privacy reasons. Similarly, traffic related to personal health and wellness may contain personal information that is too sensitive to scan. As such, when defining deep inspection, FortiSASE exempts the Finance and Banking and Health and Wellness categories by default.

In other cases, a user or user group may need to access websites without deep inspection. Exempting a host or hosts associated with a user or user group achieves this result.

To exempt hosts and URL categories from deep inspection:
  1. Go to Configuration > Security.

  2. At the top of the security profile group page, in the SSL Inspection section, click Customize.

  3. Enable Deep Inspection.
  4. In the Hosts and URL Categories fields, click +.
  5. In the Select Entries pane, select the desired hosts and URL categories to exempt from deep inspection.
  6. Click OK.
Previous
Next

Exempting hosts and URL categories from deep inspection

In some scenarios, you may not want to perform SSL deep inspection and simply choose to trust the connections or the user initiating the connections. In this case, certificates of the hosts and URL categories are inspected but contents are not decrypted for inspection. Thus, security scanning of encrypted traffic for exempted hosts and websites matching exempted URL categories are not performed.

For example, for banking-related traffic, most end users do not want deep inspection applied out of privacy reasons. Similarly, traffic related to personal health and wellness may contain personal information that is too sensitive to scan. As such, when defining deep inspection, FortiSASE exempts the Finance and Banking and Health and Wellness categories by default.

In other cases, a user or user group may need to access websites without deep inspection. Exempting a host or hosts associated with a user or user group achieves this result.

To exempt hosts and URL categories from deep inspection:
  1. Go to Configuration > Security.

  2. At the top of the security profile group page, in the SSL Inspection section, click Customize.

  3. Enable Deep Inspection.
  4. In the Hosts and URL Categories fields, click +.
  5. In the Select Entries pane, select the desired hosts and URL categories to exempt from deep inspection.
  6. Click OK.
Previous
Next