This topic provides details about the bypass decryption action profile.
Prerequisites
Your local government and Enterprise privacy policies might forbid decryption of certain content. For example, when the client is accessing a financial website or a healthcare provider website, there might be laws forbidding interception and decryption of such traffic.
For ease of configuration, NSX includes a pre-defined bypass decryption profile, default-bypass-highfidelity-profile, to meet such requirements. NSX uses the profile to match domain URLs to be skipped, or bypassed, from decryption. The default profile includes the URL categories: healthcare and financial.
In this release, you cannot create bypass decryption action profiles or modify the default profile. The default profile has the following profile settings:
Profile Setting | Description |
---|---|
Invalid Certificates: Allow | Set to Allow - If the server presents with an expired or untrusted certificate, this choice allows the connection to proceed. |
Crypto Enforcement: Transparent | Set to transparent - no cipher or TLS version enforcement occurs if the URL matches the bypass decryption profile rule. |