You may already be using the CPL policy detect_protocol.ssl(no) to bypass certain sites from SSL interception.
Since SGOS 6.5, the SSL proxy is able to handle other protocols apart from HTTPS (see the CPL Guide for more information on other protocols).
After upgrading to SGOS 6.5
In order to bypass SSL Interception for certain sites, you can use ssl.forward_proxy(no) (within an SSL-Intercept layer) instead of detect_protocol.ssl(no) (within a Proxy layer). In the VPM, the CPL gesture ssl.forward_proxy(no) is called Disable SSL Interception.
If you wish to continue using detect_protocol.ssl(no) due to issues beyond SSL Interception (such as certificate look-up failure), update the CPL to:

<proxy>
    detect_protocol [ssl,https](no)

Note: If ProxySG is running SGOS release 126.96.36.199, 188.8.131.52, 184.108.40.206 or 220.127.116.11 change 'detect_protocol [ssl,https](no)' to 'detect_protocol [ssl,https,sips,sip](no)'. See article TECH246796 for more details.
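A small audit script for the change described above, added here as an example and not part of the original article or any vendor tooling: it scans CPL text for detect_protocol rules that disable ssl without also listing https. The sample policy, its url.domain conditions and the function name audit are constructed for illustration; backslash line continuations and ';' inside quoted strings are not handled.

```python
import re

# Constructed sample policy (not from the article). ';' starts a CPL comment.
SAMPLE_POLICY = """\
; bypass list carried over from before the upgrade
<Proxy>
    url.domain=bank.example detect_protocol.ssl(no)
    url.domain=hr.example detect_protocol[ssl,https](no)
<SSL-Intercept>
    url.domain=health.example ssl.forward_proxy(no)
    ssl.forward_proxy(https)
"""

# Replacement text taken from the article.
SUGGESTED = "detect_protocol [ssl,https](no)"

LAYER = re.compile(r"^\s*<\s*([A-Za-z-]+)[^>]*>")
# Matches detect_protocol.ssl(no) as well as detect_protocol [ssl,...](no).
DETECT = re.compile(
    r"detect_protocol\s*(?:\.(\w+)|\[([^\]]*)\])\s*\(\s*no\s*\)", re.I
)


def audit(policy_text):
    """Return (line number, layer, matched text) for each rule that
    disables detection of ssl but does not also list https."""
    findings = []
    layer = None
    for lineno, raw in enumerate(policy_text.splitlines(), 1):
        line = raw.split(";", 1)[0]          # drop trailing comment
        header = LAYER.match(line)
        if header:                           # e.g. <Proxy>, <SSL-Intercept>
            layer = header.group(1).lower()
            line = line[header.end():]       # a rule may follow the header
        for hit in DETECT.finditer(line):
            names = hit.group(1) or hit.group(2)
            protos = {p.strip().lower() for p in names.split(",")}
            if "ssl" in protos and "https" not in protos:
                findings.append((lineno, layer, hit.group(0)))
    return findings


if __name__ == "__main__":
    for lineno, layer, text in audit(SAMPLE_POLICY):
        print(f"line {lineno} <{layer}>: {text} -> consider {SUGGESTED}")
```
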
As of SGOS version 18.104.22.168 and later, in the VPM, when setting the Disable SSL Detection Object to the "All Tunneled Traffic" option, it will automatically include the new HTTPS option as described above. However, this is not automatically added to existing policy upon an upgrade. You would need to manually set this object in policy to include the new HTTPS option.
Here are the steps for setting this object in the VPM:
Go to the following in the management console: Configuration>Policy>Visual Policy Manager>click Launch.
On a Web Access Layer, you can right-click in the Action field of a rule and select Set
Click the New button and select Disable SSL Detection... (a dialog box opens).
With the All Tunneled Traffic option selected (which will include HTTPS), click OK.
Click OK in the Set Action Object box.
Click Install Policy
Imported Document ID: 000017028