Hi Team,

I need help implementing the following scenario:

We are running Gaia R77.30 with the Firewall and Application URL Filtering blades. In our current setup we have allowed Internet_IP's to our servers and restricted them in the URL Filtering blade by URL. There are a few sites whose URLs are unknown, so we allowed them by their public IP and opened Any Recognized sites in URL Filtering.
Now we have the requirement of installing Carbon Black antivirus on our servers. This antivirus tries to contact the cloud to download updates, and we only have URLs for it. Also, Carbon Black does not support HTTPS Inspection, so we need to bypass the Carbon Black URLs from HTTPS Inspection.

So now we are forced to allow Internet_IP's for the entire internal network, since every server is trying to connect to the cloud. For a few applications we do not have URLs, so we are unable to control them using the URL Filtering blade. Can somebody suggest how to proceed with this scenario?
I have drafted a sample of the current rulebase for reference.

Firewall blade

Source        Destination   Service   Action
10.92.10.10   75.x.x.x      Https     Allow

URL filtering blade

Source        Destination   Application/Sites   Action
10.92.10.10   Internet      Any Recognized      Allow

Https Inspection

Source        Destination   Application/Sites   Action
10.92.10.10   Internet      Any Recognized      Inspect

Currently I have to do the following in order to allow the Carbon Black site:

Firewall blade

Source        Destination   Service   Action
10.92.10.10   75.x.x.x      Https     Allow

URL filtering blade

Source        Destination   Application/Sites   Action
10.92.10.10   Internet      Any Recognized      Allow

Https Inspection

Source        Destination   Application/Sites   Action
10.92.10.10   Internet      Any Recognized      Bypass

I need to know how to allow only the Carbon Black URLs where the server already has access based on the public IP address. Since Carbon Black doesn't support SSL connections, whenever we try to bypass only the Carbon Black URLs the connection breaks, because probe bypass is disabled on the firewall. Carbon Black doesn't attempt to re-initiate the connection once the SSL communication breaks.