Decrypt all traffic except sensitive categories, which include URL categories such as
financial-services, health-and-medicine, government, and other traffic that you
don’t decrypt for business, legal, or regulatory reasons. Use
URL categories,
custom URL categories, and
External Dynamic Lists (EDLs) to specify
the traffic you don't decrypt.
Use decryption exceptions only where required. Be precise to ensure that you limit exceptions to
specific applications or users based on need:
If decryption breaks an important application,
create an exception for the
specific IP address, domain, or common name in the certificate associated
with the application.
If you need to exclude a specific user for regulatory, business, or legal reasons, create an
exception for just that user.