Exclude a Server from Decryption for Technical Reasons (PAN-OS)

1. Log in to the web interface.
2. Navigate to the SSL Decryption Exclusions list.

   Select DeviceCertificate ManagementSSL Decryption Exclusions.
3. Add a new decryption exclusion, or select an existing custom entry to modify.

   1. Enter the hostname of the website or application you want to exclude from decryption. The hostname is case-sensitive.

      Make sure that the hostname field is unique for each custom entry. If a predefined exclusion matches a custom entry, the custom entry takes precedence.

      You can use wildcards to exclude multiple hostnames associated with a domain. The NGFW does not decrypt the sessions if the server presents a Common Name (CN) that matches the domain.
   2. (Optional) To share the exclusion across all virtual systems in a multiple virtual system NGFW, select Shared.
   3. Exclude the application from decryption.

      In contrast, you can deselect this option to begin decrypting an entry that was previously excluded from decryption.
   4. Click OK.
4. Commit your changes.