End-of-Life (EoL)

Exclude a Server from Decryption

You can exclude server traffic from SSL decryption based on the common name (CN) in the server certificate. For example, if you have SSL decryption enabled, you could configure a decryption exception for the server on your corporate network that hosts the web services for your HR systems.
  1. Import the targeted server certificate onto the firewall:
    1. On the
      Device
      Certificate Management
      Certificates
      Device Certificates
      tab, select
      Import
      .
    2. Enter a descriptive
      Certificate Name
      .
    3. Browse for and select the targeted server
      Certificate File
      .
    4. Click
      OK
      .
  2. Select the targeted server certificate on the
    Device Certificates
    tab and enable it to be an
    SSL Exclude Certificate
    .
    When the targeted server certificate is designated as an SSL Exclude Certificate, the firewall does not decrypt the server traffic even if the traffic matches decryption policy rule.

Recommended For You