IP
Hello, I'm new to FortiGate and was wondering if anyone knows how to exempt a specific IP address from web filtering? Thanks in advance.
Probably same as any other firewalls. I would create a new policy for HTTP/HTTPS and specify the IP as the destination address and "accept" action, then don't apply the web filtering profile. And then place/move it one above the existing web filtering policy.
You probably meant a "source IP" to exempt. Then put it in the source address on the new policy.
OK, I've tried but I'm getting more and more confused. Can anyone walk me through the steps or anything similar please? Much appreciated.
Yes it can be done. Do you want to exempt an internal IP (User or device) or an external IP/website?
Exempt an internal IP and also a mobile device for my boss please if you could provide guidance.
Not sure how to add multiple screenshots, so will reply a few times, sorry.
First create the address with the IP of the device as per the attached screenshot
Once the address is created, go to Policy And Objects and create a new IPv4 Policy. Just make sure the new policy is moved above the policy that the phone is currently hitting on the firewall.
Source will be the IP of the device you created
Select whatever services you need, HTTP, HTTPS etc
Do not select the security profiles, or only select the ones you want....
That should be it, if the policy is above the current one the phone will hit the new policy and be excluded from the security scan profiles.
Don't forget to move it above existing policies. You can "drag" it by "ID". FW policies work in "waterfall" logic from top toward bottom. If anything above matches the traffic including that IP, it wouldn't get to the policy you created.
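A FortiOS CLI equivalent of the GUI steps described in the replies above, as an added example that is not part of the original thread: the object name, the 192.168.1.50 address, the interface names and the policy IDs in angle brackets are constructed placeholders, and the `#` lines are annotations rather than commands. It assumes the device keeps this address and that outbound traffic is NATed as on a typical internet policy.

```fortios
# 1. Address object for the single exempt device (a /32, so nothing else matches).
#    "exempt-phone" and 192.168.1.50 are constructed sample values.
config firewall address
    edit "exempt-phone"
        set type ipmask
        set subnet 192.168.1.50 255.255.255.255
    next
end

# 2. Policy with the device as source and no security profiles attached.
#    "edit 0" lets FortiOS assign the next free policy ID.
#    "internal" and "wan1" are assumed interface names.
config firewall policy
    edit 0
        set name "exempt-phone-no-webfilter"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "exempt-phone"
        set dstaddr "all"
        set action accept
        set schedule "always"
        # Only the services the device needs, as the thread advises.
        set service "HTTP" "HTTPS"
        # Traffic on this policy is not scanned, so keep full traffic logging.
        set logtraffic all
        # Assumption: source NAT toward the internet.
        set nat enable
    next
end

# 3. Policies are evaluated top-down and the first match wins, so the new
#    policy must sit above the one that applies the web filter profile.
#    Replace both placeholders with the real IDs shown by "show firewall policy".
config firewall policy
    move <new-policy-id> before <webfilter-policy-id>
end
```

Because no web filter profile is set on the new policy, only traffic whose source is exactly the address object bypasses filtering; every other client still falls through to the filtered policy below it.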
Thanks, this worked like a charm with my boss's phone! Just a quick question, will the phone IP change once the user disconnects from the wifi since our network is using DHCP to distribute IP addresses?
And this can also be done to a PC using the same steps?
