Manage HTTPS Decryption Exceptions

Applies To: Cloud-managed Fireboxes

Transport Layer Security (TLS) is an industry standard based on a system of trusted rules and certificates issued by certificate authorities and recognized by servers. To encrypt data as it is exchanged over IP networks, TLS creates a secure channel between the server and the end user computer or other devices as they exchange information over the internet.

HTTPS policies do not perform TLS decryption for enabled domains in the Default HTTPS Decryption Exceptions list.

In WatchGuard Cloud, you can disable or enable HTTPS decryption exceptions for domains and services on your network.

You should only disable an HTTPS decryption exception for a service that you do not want to use on your network. If you disable an exception, the Firebox will try to decrypt the traffic, which might cause the service to not work.

To enable and disable HTTPS decryption exceptions:

  1. Select Configure > Devices.
  2. Select a cloud-managed Firebox.
    Status and settings for the selected Firebox appear.
  3. Select Device Configuration.
    The Device Configuration page displays the WatchGuard Cloud security services.
  4. Click the Exceptions tile.
    The Exceptions page opens.

Screen shot of WatchGuard Cloud Exceptions page

  1. Click Manage HTTPS Decryption Exceptions.
  2. To enable or disable domains for a company, click in the row for the company.

Screen shot of WatchGuard Cloud Exceptions, Manage HTTPS Decryption Exceptions page

  1. Select Enable All or Disable All.
  2. To view a list of the individual domains associated with a company, select View All Domains.

Screen shot of WatchGuard Cloud Exceptions page, View all domains

  1. From the drop-down list in the Status column, select Enabled or Disabled for each domain you want to enable or disable.
    To search for a specific domain, in the upper, right corner, type the domain name in the Search box.

Screen shot of HTTPS Decryption Exceptions page

  1. Click Back.
  2. To save the configuration changes to the cloud, click Save.

See Also

About WatchGuard Cloud Account Manager (Service Providers)

About WatchGuard Cloud Device Manager (Subscribers)

Download the Certificate for TLS Decryption

Add Blocked Sites and Blocked Ports