Fortinet black logo

Administration Guide

Home FortiSASE Administration Guide

Exempting hosts, URL categories, or service from deep inspection

Exempting hosts, URL categories, or service from deep inspection

In some scenarios, you may not want to perform SSL deep inspection and simply choose to trust the connections or the user initiating the connections. For example, for banking-related traffic, most end users do not want deep inspection applied out of privacy reasons. Similarly, traffic related to personal health and wellness may contain personal information that is too sensitive to scan. As such, when defining deep inspection, FortiSASE exempts the Finance and Banking and Health and Wellness categories by default.

In other cases, a user or user group may need to access websites without deep inspection. Exempting the user prevents their connections from SSL deep inspection scanning altogether.

To exempt hosts, URL categories, or services from deep inspection:
  1. Go to Configuration > Security.
  2. In the SSL Inspection widget, click Customize.
  3. Enable Deep Inspection.
  4. In the Exempt Hosts, URL Categories, and Services fields, click +.
  5. In the Select Entries pane, select the desired hosts, URL categories, and services to exempt from deep inspection.
  6. Click OK.
Previous
Next

Exempting hosts, URL categories, or service from deep inspection

In some scenarios, you may not want to perform SSL deep inspection and simply choose to trust the connections or the user initiating the connections. For example, for banking-related traffic, most end users do not want deep inspection applied out of privacy reasons. Similarly, traffic related to personal health and wellness may contain personal information that is too sensitive to scan. As such, when defining deep inspection, FortiSASE exempts the Finance and Banking and Health and Wellness categories by default.

In other cases, a user or user group may need to access websites without deep inspection. Exempting the user prevents their connections from SSL deep inspection scanning altogether.

To exempt hosts, URL categories, or services from deep inspection:
  1. Go to Configuration > Security.
  2. In the SSL Inspection widget, click Customize.
  3. Enable Deep Inspection.
  4. In the Exempt Hosts, URL Categories, and Services fields, click +.
  5. In the Select Entries pane, select the desired hosts, URL categories, and services to exempt from deep inspection.
  6. Click OK.
Previous
Next