Add a Do Not Decrypt List for Security Profiles for Internet Access
Private Preview
In order to comply with confidentiality regulations in some locations, certain traffic should not be encrypted.
Create a custom Do Not Decrypt list to specify destinations that will not be decrypted by the security and acceptable use features configured in a security profile for internet access. HTTPS traffic to these destinations cannot be properly inspected for threats when traffic is not decrypted.
If you need to specify a Do Not Decrypt address for IPS profiles, edit the system-provided Do Not Decrypt List.
Prerequisites
- Full Admin user role. For more information, see Manage Accounts.
Procedure
- Navigate to Secure > Settings > Do Not Decrypt Lists and click + Add List.

- Give your list a descriptive List Name.

- Add content categories, applications, and domains that will be exempt from decryption:
a. Click Add, select one or more Categories to exempt from HTTPS inspection, then click Close.
![]()
b. Click Add, type a Domain to exempt from HTTPS inspection, then click Add. Add another domain or click Close.
![]()
c. Click Add, select one or more Applications to exempt from decryption, then click Close.
![]()
- Click Save.
You can now select the new Do Not Decrypt List in a security profile for internet access.
Important Information About Do Not Decrypt Lists < Add a Do Not Decrypt List for Security Profiles for Internet Access > Manage Certificates
Updated 2 months ago