Decryption policies are used to create groups of rules that define which traffic should be decrypted based on match criteria such as source IPs and destination IPs. Each decryption policy can have its own match criteria, along with an associated action. The actions are defined by action profiles.
BEHAVIOR
Decryption rules are applied in order of priority (rule order). Each rule is created at a specific priority; the system does not auto-prioritize rules. All rules are created manually, and no system or default rules are available.
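Because priorities are assigned by hand, a broad rule placed above a narrower one can keep the narrower rule from ever applying. The following added example (not SonicWall code) models a rule table with source and destination match criteria and reports such shadowed rules. It assumes that a lower priority number is evaluated first and that the first matching rule decides the action; the rule names, action profile names and addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    priority: int   # assumption: lower number is evaluated first
    name: str       # hypothetical rule name
    src: str        # source match criteria, CIDR
    dst: str        # destination match criteria, CIDR
    action: str     # hypothetical action profile name

    def matches(self, src_ip, dst_ip):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst))

    def covers(self, other):
        """True if every flow matched by `other` is also matched by this rule."""
        return (ipaddress.ip_network(other.src).subnet_of(ipaddress.ip_network(self.src))
                and ipaddress.ip_network(other.dst).subnet_of(ipaddress.ip_network(self.dst)))

def ordered(rules):
    return sorted(rules, key=lambda r: r.priority)

def evaluate(rules, src_ip, dst_ip):
    """Return the first matching rule in priority order (assumed first-match)."""
    for rule in ordered(rules):
        if rule.matches(src_ip, dst_ip):
            return rule
    return None  # no system or default rule exists to catch the flow

def shadowed(rules):
    """Return (rule, earlier_rule) name pairs where the later rule can never apply."""
    seq, pairs = ordered(rules), []
    for i, later in enumerate(seq):
        for earlier in seq[:i]:
            if earlier.covers(later):
                pairs.append((later.name, earlier.name))
                break
    return pairs

# Constructed sample table (IPv4 only): rule 2 sits below a broader rule 1.
RULES = [
    Rule(1, "decrypt-lan", "10.0.0.0/8", "0.0.0.0/0", "decrypt"),
    Rule(2, "bypass-finance", "10.1.20.0/24", "203.0.113.0/24", "bypass"),
    Rule(3, "decrypt-guest", "192.168.50.0/24", "0.0.0.0/0", "decrypt"),
]
```

Running `shadowed()` over an exported rule list before changing priorities shows which exceptions need to move above the broader rule.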
DECRYPTION POLICY TYPES
Decryption policy rules define which types of traffic need to be decrypted. You specify this as the “match criteria.” The types of traffic include:
Client-side SSL Rules
The Match Criteria for DPI-SSL Client Rules can contain the following traffic parameters:
Server-side SSL Rules
The Match Criteria for DPI-SSL Server Rules can contain the following traffic parameters:
SSH Rules
The Match Criteria for DPI-SSH Rules can contain the following traffic parameters:
Setting up the Decryption Policy Table
To configure the Decryption Policy table:
1. Navigate to POLICY | Rules and Policies > Decryption Policy. The Decryption Policy table displays.
2. In the Column Selection tab, click the arrows on the left to show column options that you can choose to help display Decryption Policy data.