In the default configuration for FortiOS 5.2, several FortiGuard categories and firewall addresses appear in the Exempt from SSL Inspection list. However, if you upgrade your FortiGate to 5.2 from an earlier version, these addresses are not added to your configuration unless you perform a factory reset.
If you would like to manually add some or all of these exemptions to your configuration, the screenshots below show the complete list of the exemptions and information about the firewall addresses.
The exemption list
This image shows the Exempt from SSL Inspection list from the default 5.2 configuration.
Default firewall addresses
This image shows the Firewall Address list from the default 5.2 configuration. This includes addresses that are not part of the exemption list, such as the default addresses for SSL VPN users.
For more information about exemptions to SSL inspection, see Exempting Google from SSL inspection.
The post Default exemptions in the SSL deep-inspection profile appeared first on Fortinet Cookbook.