I'm trying to make sense of SSL inspection functionality in transparent mode.
There are two related sections in the manual (9.408) :
- Page 322:
SSL scanning: Select to skip SSL scanning for the webpage in request.
...Note that for technical reasons this option does not work for any transparent
Web Filter mode. With transparent mode, use the Transparent Mode
Skiplist instead...
- Page 323:
Matching these URLs: Select to add target domains that should be exempt
from the security checks of this exception rule. ...
Note – When using Transparent mode with SSL scanning enabled, you need to
enter the target domain(s) as IP addresses. Otherwise the exception will fail for
technical reasons.
Question 1: So, page 322 says SSL scanning exceptions are not possible in transparent mode, while page 323 says they are possible, but only for IPs (and not domains) ? Which one is correct ?
Question 2: I have UTM in transparent mode with SSL inspection enabled. Before I saw the above caveats in the manual, I've added an exception for SSL scanning, "Matching these URLs", "^https://([A-Za-z0-9.-]*\.)?avg\.com/", to make AVG updates work. If I disable the exception, AVG update breaks. Therefore, clearly, the exception is working even though a domain regex is specified (and not IP). This doesn't reconcile with what the manual says !
This thread was automatically locked due to age.
