Specifying CFS Category-based Exclusions/Inclusions

You can exclude/include entities by content filter categories.

To specify CFS category-based exclusions/inclusions:

1. Navigate to the POLICY | DPI-SSL > Client SSL page.

2. Click CFS Category-based Exclusions/Inclusions.

   

   The status of the list is shown by an icon at the top of the view. A green icon indicates Content Filtering is licensed, a red icon that it is not.

3. Choose whether you want to include or exclude the selected categories by clicking either:

   • Exclude (default)
   • Include

   By default, all categories are unselected.

4. Optionally, repeat Step 3 and Step 4 to create the opposite list.
5. Select the categories to be included/excluded. To select all categories, click Select all Categories.

6. Optionally, to exclude a connection if the content filter category information for a domain is not available to DPI-SSL, select the Exclude connection if Content Filter Category is not available checkbox. This option is not selected by default.

   In most cases, category information for a HTTPS domain is available locally in the firewall cache. When the category information is not locally available, DPI-SSL obtains the category information from the cloud without blocking the client or server communication. In rare cases, the category information is not available for DPI-SSL to make a decision. By default, such sites are inspected in DPI-SSL.

7. Click Accept.