add ssl-inspection exception

Description

Add a new exception to bypass SSL Inspection policy for specific traffic.

Syntax

add ssl-inspection exception [ source <source> ] [ source-negate <source-negate> ] [ destination <destination> ] [ destination-negate <destination-negate> ] [ service <service> ] [ service-negate <service-negate> ] [ { [ category-name <category-name> ] | [ category-id <category-id> ] } ] [ category-negate <category-negate> ] [ comment "<comment>" ] [ track <track> ] [ disabled <disabled> ]

Parameters

Parameter	Description
category-id	Application or custom application name
category-name	Application or custom application name
category-negate	If true, the category is all traffic except what is defined in the category field Type: Boolean (true/false)
comment	Description of the rule A string that contains less than 257 characters, of this set: `a-z` (lower-case letters) `A-Z` (upper-case letters) `0-9` (digits) '`,`' (comma) '`.`' (period) '`-`' (minus) '`(`' (opening round bracket) '`)`' (closing round bracket) '`:`' (colon) '`@`' (at)
destination	Network object that is the target of the connection
destination-negate	If true, the destination is all traffic except what is defined in the destination field Type: Boolean (true/false)
disabled	Indicates if the exception is disabled Type: Boolean (true/false)
service	The network service object that the exception should match to
service-negate	If true, the service is everything except what is defined in the service field Type: Boolean (true/false)
source	Network object or user group that initiates the connection
source-negate	If true, the source is all traffic except what is defined in the source field Type: Boolean (true/false)
track	The action taken when there is a match on the rule Options: none, log, alert

Example

add ssl-inspection exception source TEXT source-negate true destination TEXT destination-negate true service TEXT service-negate true category-name TEXT category-negate true comment "This is a comment" track none disabled true