OK, so this is driving me mad and I'm obviously missing something.
I've created a custom URL category in which I wish to drop URLs that will bypass SSL decryption. In this I want to use wildcards, so that all sites for a particular company can be bypassed.
For the sake of example, let's say the site I want to get to unencrypted is https://www.microsoft.com
In the URL category I've added *.microsoft.com using the wildcard EXACTLY as documented in the URL_Categorzation_PANOS-RevC.pdf document posted on this site.
The custom URL category is then referenced in a rule in my Decryption policy, with action no-decrypt and type ssl-forward-proxy set appropriately
Everything has then been committed back to the PANOS firewall.
Result? URLs matching the wildcard are still being decrypted. The firewall is completely ignoring the bypass rule.
Anyone got any idea why? The CLI "Test" command doesn't even recognise my custom URL categories, so that's no help.
Firewall is running 5.0.5
Thanks in advance
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!