Decryption Exceptions

Applications that do not function properly when the firewall decrypts them are automatically excluded from SSL decryption. For a current list of applications the firewall excludes from SSL decryption by default, see List of Applications Excluded from SSL Decryption.
You can also Configure Decryption Exceptions to exclude applications, URL categories, and targeted server traffic from decryption:
  • Exclude URL categories or applications that do not work properly with decryption enabled, or that you want to leave undecrypted for any other reason, including legal or privacy purposes. You can use a decryption policy to exclude traffic from decryption based on source, destination, URL category, service (port or protocol), and TCP port numbers. For example, with SSL decryption enabled, you can use URL categories to exclude traffic that is categorized as financial or health-related from decryption.
  • Exclude server traffic from SSL decryption based on the Common Name (CN) in the server certificate. For example, if you have SSL decryption enabled but have certain servers for which you do not want to decrypt traffic, such as the web services for your HR systems, exclude those servers from decryption by importing the server certificate onto the firewall and modifying the certificate to be an SSL Exclude Certificate.

