[QUESTION] SSL Inspection DPI no Proxy

Question

Hello to all, 
 SFOS v18 EAP 3 - So SSL Inspection works and almost all is great. I found a application / game that makes huge issues with the DPI active since it uses a mix of IPs (allot) and Host-names. 
 For exclusions I understand to insert Host-names were the traffic decryption should not take place. But with IPs I see a huge Issue because the provider can switch them in a heart beat and so the pool of IPs will grow - BUT - It is still the same application! 
 My Question: 
 If I had Intercept X Advanced could the "Application Identification" enhance the SNI and include the missing IPs? 
 For testing: 
 Application in question -> The Division 2 
 I know I bring in allot of games on this EAP test but some of them use advanced techniques or are plain and simple totally incompatible with SSL Inspection. 
 Best regards 
 Eli.

SaschaParis · Accepted Answer

Hi Eli 
 
 That could be solved at least in two ways: 
 1. Use Regex in the Web Exceptions to exclude IP Adresses with following regex ^(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\/ 
 2. Exclude the web category "IP Address", as XG categorizes every access to a IP instead a FQN as "IP Address" 
 I use both for myself too 
 /Sascha