>
    Strata Copilot
    Exclude a Server from Decryption for Technical Reasons (Strata Cloud Manager)
    Focus
    Download PDF
    Focus
    1. Home
    2. Network Security
    4. Decryption Exclusions
    5. Exclude a Server from Decryption for Technical Reasons
    6. Exclude a Server from Decryption for Technical Reasons (Strata Cloud Manager)
    Download PDF
    Network Security

    Exclude a Server from Decryption for Technical Reasons (Strata Cloud Manager)

    Table of Contents

    Exclude a Server from Decryption for Technical Reasons (Strata Cloud Manager)

    Add servers to the Global Decryption Exclusions list to exclude them from decryption for technical, business, regulatory, personal, or other reasons.
    1. Log in to Strata Cloud Manager.
    2. Navigate to the Global Decryption Exclusions settings.
      Select ConfigurationNGFW and Prisma AccessSecurity ServicesDecryption.
    3. Add an entry to the Custom Exclusions list.
      1. Click the + (plus icon).
      2. Enter the Hostname of the website or application you want to exclude from decryption. The hostname is case-sensitive.
        Make sure that the hostname is unique for each entry. If the hostname of a predefined exclusion matches the hostname of a custom entry, the custom entry takes precedence.
        You can use wildcards to exclude multiple hostnames associated with a domain. The NGFW does not decrypt the sessions if the server presents a Common Name (CN) that matches the domain.
      3. (Optional) Enter a Description.
      4. Save your entry.
    4. Commit your changes.
      Select Push ConfigPush.

    © 2026 Palo Alto Networks, Inc. All rights reserved.