I don't think that is possible with current design. Unless you can verify if the URL you navigate to for both personal and official are unique. If that is the case the case then you can configure ssl decryption on device and allow or deny specific URLs. Which I think is highly unlikely. Hope this helps. Thank you.
Google is suggesting as below
PAN device can decrypt ssl traffic, though it can't insert HTTP header X-GoogApps-Allowed-Domains.
This means PAN device can't handle such a case.
If you have proxy server, you can do it on the proxy.
Please try this one :-
Create a Custom Data Pattern
Objects - custom-objects - data-patterns
match regex pattern @gmail\.com
Create a Data Filtering profile
Objects - security-profiles - data-filtering
Match the previously created custom data pattern in the Data filtering profile and application as gmail-base.
Create a rule allowing all apps with the data security profile attached to it.
Policies – security – rulebase
Data Filtering log: note the first log as it matches the data pattern
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!