Can someone explain SSL/TLS inspection rules vs. Web Exceptions?

Question

Explain like I'm 5 (maybe a 5 year old is smarter at this point, who knows)... 
 
 We have SSL/TLS inspection rules under "Rules and policies." One of these rules is the built in "Exclusions by Website, which references both a Local and Managed TLS exclusion list. Makes sense. 
 
 Then we have Exceptions under "Web," where we can also exempt URLs from HTTPs Decryption. 
 
 How do these two work together? If I have a Web Exception for www.google.com, and www.google.com is also in the Local TLS exclusion list, is that essentially the same thing? 
 
 Thanks, 
 Casey

LuCar Toni · Answer

Essentially one is the service, the other one is the entire Engine. 
 So: DPI Exceptions means, we are not "touching" the decryption. 
 Web Exception means, if the we touched the traffic and forwarded it to the Proxy, the proxy will not do "something" on it.

Can someone explain SSL/TLS inspection rules vs. Web Exceptions?

Top Replies