Important Information About Do Not Decrypt Lists
Traffic that is not decrypted cannot be effectively inspected for threats.
However, in order to comply with confidentiality regulations in some locations, certain traffic should not be decrypted. You can use Do Not Decrypt lists to specify these destinations.
To edit this list, navigate to Secure > Do Not Decrypt Lists. To create a Do Not Decrypt List, see Add a Policy.
About decryption in private access rules
Do not use the system-provided Do Not Decrypt list for private destinations. Instead, you can configure a private resource and not enable decryption for that resource. See Add Private Resources.
The System-Provided Do Not Decrypt List
The system-provided Do Not Decrypt list does not include the ability to specify applications; this option is available only in custom lists.
Initially, this list is empty. Add the destinations that are important to your organization.
Limitation: Do Not Decrypt Based on Content Category
Web site categorization is updated continuously, but it is not possible to categorize every web site on the internet, and some sites may be categorized incorrectly. Therefore, if you choose not to decrypt traffic based on content category, traffic to sites that should not be decrypted may be decrypted, and traffic that should be decrypted may not be.
This limitation is not unique to Cisco.