This topic provides details about the bypass decryption action profile.

Prerequisites

Your local government and Enterprise privacy policies might forbid decryption of certain content. For example, when the client is accessing a financial website or a healthcare provider website, there might be laws forbidding interception and decryption of such traffic.

For ease of configuration, NSX includes a pre-defined context profile, default-bypass-highfidelity-profile, to meet such requirements. NSX uses context profiles to match domain URLs to be skipped, or bypassed, from decryption. The default profile includes the URL categories: healthcare and financial.

In this release, you cannot create bypass decryption action profiles or modify the default profile. The default profile has the following profile settings:
Profile Setting Description
Invalid Certificates: Allow Set to Allow - If the server presents with an expired or untrusted certificate, this choice allows the connection to proceed.
Crypto Enforcement: Transparent Set to transparent - no cipher or TLS version enforcement occurs if the URL matches the bypass decryption profile rule.