In some cases, you might need to alert your
users to the fact that the firewall is decrypting certain web traffic
and allow them to terminate sessions that they do not want inspected.
With SSL Opt Out enabled, the first time a user attempts to browse to
an HTTPS site or application that matches your decryption policy,
the firewall displays a response page notifying the user that it
will decrypt the session. Users can either click
allow decryption and continue to the site or click
opt out of decryption and terminate the session. The choice to allow
decryption applies to all HTTPS sites that users try to access for
the next 24 hours, after which the firewall redisplays the response
page. Users who opt out of SSL decryption cannot access the requested
web page, or any other HTTPS site, for the next minute. After the
minute elapses, the firewall redisplays the response page the next
time the users attempt to access an HTTPS site.
includes a predefined SSL Decryption Opt-out Page that you can enable. You
can optionally customize the page with your own text and/or images.
Customize the SSL Decryption
SSL Decryption Opt-out Page
Using the HTML text editor of your choice, edit the
If you want to add an image, host the image on a web
server that is accessible from your end user systems.
Add a line to the HTML to point to the image. For