Add Exceptions in WatchGuard Cloud

Applies To: Cloud-managed Fireboxes

When you enable security services to block sites, ports, and content, in some cases, you might not want the cloud-managed Firebox to block an IP address, URL, domain, or email address. You can add an exception to allow users access.

To add an exception:

  1. Select Configure > Devices.
  2. Select a cloud-managed Firebox.
    Status and settings for the selected Firebox appear.
  3. Select Device Configuration.
    The Device Configuration page displays the WatchGuard Cloud security services.
  4. Click the Exceptions tile.
    The Exceptions page opens.

WatchGuard Cloud screen shot of Exceptions page

  1. Click Add Exception.
    The Add Exception dialog box opens.

Screen shot of Add Exception dialog box

  1. From the Select Service menu, select the service you want to add an exception for. For information about how to use FQDN in exemptions and policies, see About Policies by Domain Name (FQDN).
    • Blocked Sites — Add an exception for a host IPv4 address, network IPv4 address, or host IPv4 address range, or you can add an exception by FQDN.
    • Botnet Detection — Add an exception for a host IPv4 address, network IPv4 address, or host IPv4 address range, or you can add an exception by FQDN.
    • Gateway AntiVirus, IntelligentAV, APT Blocker — Add an exception for the File MD5 Hash and specify the action the service should take when the file is encountered (Allow or Deny).
    • Geolocation — Add an exception for a host IPv4 address, network IPv4 address, or host IPv4 address range, or you can add an exception by FQDN
    • HTTPS Decryption — Add an exception for an HTTPS domain and specify the action the service should take when the domain is encountered (Allow or Deny).
    • IPS — Add an exception for a signature ID and specify the action the service should take when the signature ID is encountered (Allow, Drop, or Block). Select the Alarm check box to generate an alarm for the exception.
    • WebBlocker — Add an exception for a website and specify the action WebBlocker should take when the website is encountered (Allow or Deny). You can add a WebBlocker exception that is an exact match of a URL, a pattern match of a URL, or a regular expression. For more information on how to specify an exception, see WebBlocker Exceptions. Select the Alarm check box to generate an alarm for the exception.
    • spamBlocker — Add an exception to bypass spamBlocker actions for emails sent to or from a specific sender or recipient address. Specify the protocol and email address the exception applies to, and the action to take for the exception (Allow, Deny, or Add Subject Tag). For more information about spamBlocker actions, see Configure Content Scanning in WatchGuard Cloud.
  2. (Optional) In the Description text box, type a description of the exception.
  3. Click Save.
    To delete an exception, click in the row for the exception.

See Also

Add a Cloud-Managed Firebox to WatchGuard Cloud

Add Blocked Sites and Blocked Ports

Manage HTTPS Decryption Exceptions