You can configure the firewall to decrypt traffic for
visibility, control, and granular security. Decryption policies
can apply to Secure Sockets Layer (SSL) traffic, including
SSL-encapsulated protocols such as IMAP(S), POP3(S), SMTP(S), and
FTP(S), and to Secure Shell (SSH) traffic. SSH decryption can be used
to decrypt outbound and inbound SSH traffic to ensure that secure
protocols are not being used to tunnel disallowed applications and content.

Add a decryption policy rule to
define traffic that you want to decrypt (for example, you can decrypt
traffic based on URL categorization). Decryption policy rules are
compared against the traffic in sequence, so more specific rules must
precede the more general ones.
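
The effect of rule order can be checked with a small first-match model. The following is an added example, not code from the firewall or its documentation: it assumes rules match only on URL category (real rules have more match criteria), and the rule names and categories are constructed samples. It flags rules that can never match because earlier rules already cover them.

```python
from dataclasses import dataclass

ANY = frozenset()  # assumption: an empty category set means "match any URL category"

@dataclass(frozen=True)
class Rule:
    name: str
    categories: frozenset  # URL categories the rule matches
    action: str            # "decrypt" or "no-decrypt"

def first_match(rules, category):
    """Return the first rule, top to bottom, that matches the category."""
    for rule in rules:
        if rule.categories == ANY or category in rule.categories:
            return rule
    return None  # no rule matched

def unreachable(rules):
    """Names of rules that can never match because earlier rules cover them."""
    seen, any_seen, dead = set(), False, []
    for rule in rules:
        # Dead if a catch-all came earlier, or if the union of earlier
        # rules already contains every category this rule lists.
        if any_seen or (rule.categories != ANY and rule.categories <= seen):
            dead.append(rule.name)
        if rule.categories == ANY:
            any_seen = True
        seen |= rule.categories
    return dead

# Constructed sample rulebases (rule names and categories are illustrative).
EXEMPT = Rule("exempt-sensitive",
              frozenset({"financial-services", "health-and-medicine"}),
              "no-decrypt")
CATCH_ALL = Rule("decrypt-everything", ANY, "decrypt")

MISORDERED = [CATCH_ALL, EXEMPT]  # general rule first: the exemption never applies
ORDERED = [EXEMPT, CATCH_ALL]     # specific rule first: the exemption takes effect

if __name__ == "__main__":
    for label, rulebase in (("misordered", MISORDERED), ("ordered", ORDERED)):
        hit = first_match(rulebase, "financial-services")
        print(label, "->", hit.name, hit.action,
              "| unreachable:", unreachable(rulebase))
```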

SSL forward proxy decryption requires the configuration of a
trusted certificate that is presented to the user if the server
to which the user is connecting possesses a certificate signed by
a CA trusted by the firewall. Create a certificate on the
page and then click
the name of the certificate and select

The firewall doesn’t decrypt applications that break decryption technically,
for example because they use pinned certificates or client authentication.