If a decryption issue requires more than a short period of time to diagnose, you can
temporarily disable and then enable SSL decryption without disrupting network
traffic.
| Where Can I Use This? | What Do I Need? |
| --- | --- |
| | Depending on the products you're using, you need at least one of... |
You can temporarily disable SSL/TLS decryption to troubleshoot or validate your
decryption deployment. For example, imagine a website does not display as expected
and you suspect decryption might be the cause. You can suspend SSL/TLS decryption
until you confirm or rule out decryption as the cause. Another scenario is a recent
TLS decryption deployment that affects specific applications and services, where
reviewing a vast decryption rulebase is impractical. In this scenario, disabling
decryption offers an efficient alternative to analyzing all decryption policy rules
and profiles.
You can use CLI commands to suspend SSL/TLS decryption and resume decryption when
you're ready. These operations don't require changes to decryption policy rules or a
Commit of the updated configuration, so you won't disrupt
network traffic.
Disabling SSL decryption for any period of time impacts your
security posture. Only disable decryption for as long as necessary.
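
One way to keep a suspension as short as the note above requires is to wrap the suspend and resume commands in a guard that resumes decryption when troubleshooting ends, when it fails, or when a deadline passes, whichever comes first. This is an added example, not code from the original page or from the vendor. The `send` callable (whatever delivers a command to the firewall CLI), the class name and the window lengths are assumptions; the two command strings are the PAN-OS operational commands for this setting, which this page does not show.

```python
import threading

# PAN-OS operational commands (not quoted on this page)
SUSPEND = "set system setting ssl-decrypt skip-ssl-decrypt yes"
RESUME = "set system setting ssl-decrypt skip-ssl-decrypt no"


class SuspensionWindow:
    """Suspend decryption and guarantee that it is resumed exactly once."""

    def __init__(self, send, max_seconds):
        self._send = send              # hypothetical transport: callable(str)
        self._max = max_seconds        # hard upper bound on the suspension
        self._lock = threading.Lock()
        self._suspended = False
        self.resumed_by = None         # "operator" or "deadline"

    def _resume(self, who):
        with self._lock:               # operator exit and deadline may race
            if not self._suspended:
                return                 # already resumed, send nothing twice
            self._send(RESUME)
            self._suspended = False
            self.resumed_by = who

    def __enter__(self):
        self._send(SUSPEND)
        self._suspended = True
        # Dead-man timer: resumes decryption if the operator overruns.
        self._timer = threading.Timer(self._max, self._resume, args=("deadline",))
        self._timer.daemon = True
        self._timer.start()
        return self

    def __exit__(self, exc_type, exc, tb):
        self._timer.cancel()
        self._resume("operator")
        return False                   # never swallow the troubleshooting error


def demo():
    """Constructed run: a troubleshooting step fails, decryption still resumes."""
    sent = []                          # stand-in transport records the commands
    try:
        with SuspensionWindow(sent.append, max_seconds=300):
            raise RuntimeError("constructed failure during troubleshooting")
    except RuntimeError:
        pass
    return sent
```
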