Add a Do Not Decrypt List for Security Profiles for Internet Access
Private Preview
Decrypting traffic to certain destinations may be prohibited by regional privacy regulations.
Create a custom Do Not Decrypt list to specify destinations that will not be decrypted by the security and acceptable use features configured in a security profile for internet access. HTTPS traffic to these destinations cannot be properly inspected for threats when traffic is not decrypted.
If you need to specify a Do Not Decrypt address for IPS profiles, edit the system-provided Do Not Decrypt List.
Prerequisites
- Full Admin user role. For more information, see Manage Accounts.
Procedure
- Navigate to Secure > Settings > Do Not Decrypt Lists and click Add.
- Give your list a good descriptive List Name.
- Add content categories, applications, and domains that will be exempt from decryption:
a. Click Add, select Categories to be exempt from HTTPS inspection and then click Close.
b. Click Add, add a Domain to exempt it from HTTPS inspection and then click Add.
c. Click Add, select Applications to be exempt from decryption and then click Close.
- Click Save.
You can now select the new Do Not Decrypt List in a security profile for internet access.
Important Information About Do Not Decrypt Lists < Add a Do Not Decrypt List for Security Profiles for Internet Access > Manage Certificates
Updated 2 months ago