This topic provides details about the bypass decryption action profile.
Your local government and Enterprise privacy policies might forbid decryption of certain content. For example, when the client is accessing a financial website or a healthcare provider website, there might be laws forbidding interception and decryption of such traffic.
For ease of configuration, NSX includes a pre-defined context profile, default-bypass-highfidelity-profile, to meet such requirements. NSX uses context profiles to match domain URLs to be skipped, or bypassed, from decryption. The default profile includes the URL categories: healthcare and financial.
|Invalid Certificates: Allow||Set to Allow - If the server presents with an expired or untrusted certificate, this choice allows the connection to proceed.|
|Crypto Enforcement: Transparent||Set to transparent - no cipher or TLS version enforcement occurs if the URL matches the bypass decryption profile rule.|