Create a Bypass Decryption Action
Profile
This topic provides details about the bypass decryption action profile.
Your local government and Enterprise
privacy policies might forbid decryption of certain content. For example, when the
client is accessing a financial website or a healthcare provider website, there
might be laws forbidding interception and decryption of such traffic.
For ease of configuration,
NSX
includes a pre-defined bypass decryption profile,
default-bypass-highfidelity-profile
, to meet such
requirements. NSX
uses the profile to match domain URLs
to be skipped, or bypassed, from decryption. The default profile includes the URL
categories: healthcare and financial.In this release, you cannot create bypass
decryption action profiles or modify the default profile. The default profile has
the following profile settings:
Profile Setting | Description |
|---|---|
Invalid Certificates: Allow | Set to Allow - If the server presents with an expired or
untrusted certificate, this choice allows the connection to
proceed. |
Crypto Enforcement: Transparent | Set to transparent - no cipher or TLS version enforcement
occurs if the URL matches the bypass decryption profile
rule. |