End-of-Life (EoL)

Exclude a Server from Decryption

You can exclude server traffic from SSL decryption based on the common name (CN) in the server certificate. For example, if you have SSL decryption enabled, you could configure a decryption exception for the server on your corporate network that hosts the web services for your HR systems.
  1. Import the targeted server certificate onto the firewall:
    1. On the
      Certificate Management
      Device Certificates
      tab, select
    2. Enter a descriptive
      Certificate Name
    3. Browse for and select the targeted server
      Certificate File
    4. Click
  2. Select the targeted server certificate on the
    Device Certificates
    tab and enable it to be an
    SSL Exclude Certificate
    When the targeted server certificate is designated as an SSL Exclude Certificate, the firewall does not decrypt the server traffic even if the traffic matches decryption policy rule.

Recommended For You