This topic provides details about the bypass decryption action profile.


Your local government and Enterprise privacy policies might forbid decryption of certain content. For example, when the client is accessing a financial website or a healthcare provider website, there might be laws forbidding interception and decryption of such traffic.

For ease of configuration, NSX includes a pre-defined context profile, default-bypass-highfidelity-profile, to meet such requirements. NSX uses context profiles to match domain URLs to be skipped, or bypassed, from decryption. The default profile includes the URL categories: healthcare and financial.

In this release, you cannot create bypass decryption action profiles or modify the default profile. The default profile has the following profile settings:
Profile Setting Description
Invalid Certificates: Allow Set to Allow - If the server presents with an expired or untrusted certificate, this choice allows the connection to proceed.
Crypto Enforcement: Transparent Set to transparent - no cipher or TLS version enforcement occurs if the URL matches the bypass decryption profile rule.