DPI-SSL Exclusions, Show Connection Failures, and Other Suggestions
I'm surprised that there still isn't a way to export all the custom entries for Common Name Exclusions/Inclusions. A lot of times I want to use many of the same entries in different customer firewalls, so I have to manually add them all. Best I can do is keep a master list on my PC and paste it into the Add box with the proper formatting.
Also, some kind of time-stamping of the connection failures that would at times make troubleshooting a little easier.
Lastly, one of my great frustrations with DPI-SSL is when sites/connections get blocked and there is no indication under Connection Failure or Event Logs, yet if I disable DPI-SSL the problem goes away. What types of DPI-SSL blocks aren't recorded and why not? Can there be a management over-ride function at the browser that doesn't require going into the firewall and disabling DPI-SSL for everyone, or doing a temporary exclusion?