Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Best Practice: Work with a Skyhigh-supplied Subscribed List

You can use a subscribed list that is supplied by Skyhigh Security in a rule of your web security policy, for example, to let particular traffic bypass SSL scanning.

Web traffic might be sent from the clients of your corporate network to particular destinations, for example, WebEx applications, using SSL-secured connections. When this traffic is received on Web Gateway, you might want to let it skip SSL scanning.

For this purpose, you need a list with the IP address ranges that are used by WebEx. As these addresses change frequently, Skyhigh Security supplies an address list, which is updated in intervals, saving you the effort of keeping this list up to date manually.

The list is included in the update schedule that you configure on Web Gateway to make sure that any updates supplied by Skyhigh Security are eventually passed on to your Web Gateway appliance or to all the appliances that you are running in a Central Management configuration.

To use this Skyhigh Security-supplied list in your web security policy:

  • Create an empty list of your own and let this list be filled with WebEx address ranges from the Skyhigh Security list
  • Set up a rule that uses your list to let requests for accessing WebEx destinations skip SSL scanning

Use a Skyhigh-supplied subscribed list in a rule

To use a Skyhigh Security-supplied subscribed list in a rule that performs a suitable action on web traffic to particular destinations, configure the list as part of the rule criteria.

  1. Select Policy | Rule Sets.
  2. On the rule sets tree, select the SSL Scanner default rule set and click Unlock View to view the complete rules view.
  3. Make sure the rule set is enabled and select the nested Handle CONNECT Call rule set.
    1. Click Add Rule and in the window that opens configure a rule as follows.
      1. Under Name, type the rule name, for example, Bypass SSL scanning for WebEx destinations.
      2. Under Criteria, configure the following:
        • Property: URL.Destination.IP
        • Operator: is in range list
        • Compare with (operand): WebEx IP Ranges Subscribed Lists
      3. Under Action, select Stop Rule Set.
      4. Click Finish.
        The window closes and the rule appears at the end of the rules in the rule set.
      5. Move the rule into first position.
  4. Click Save Changes.

Requests for destinations with the IP addresses on the WebEx list will now bypass SSL scanning on Web Gateway.

Create a Skyhigh-supplied subscribed list with IP address ranges

To create a subscribed list with IP address ranges for WebEx applications that is maintained by Skyhigh Security, create a list of your own and let its content be provided by a Skyhigh Security-supplied list.

  1. Select Policy | Lists.
  2. Above the lists tree, click the Add icon.
  3. In the Add List window, configure a list as follows.
    1. Configure general settings for the list:
      • Name: WebEx Subscribed List or any other suitable name
      • Type: IPRange
    2. Select List content is managed remotely.
    3. Select Skyhigh-supplied and click Choose.
    4. In the Choose List Content window, select the list named WebEx IP Ranges.
  4. Click OK in both windows.
    The list appears on the Subscribed Lists branch of the lists tree
  5. Click Save Changes.

You can now use the list that you have created in a suitable rule.

  • Was this article helpful?