Skip to main content



Cisco Defense Orchestrator

Configure the Default SSL Decryption Action


  1. Open the Devices & Services page.
  2. Select the device for which you want to configure the default SSL decryption action.
  3. Click Policy in the Management pane at the right.
  4. Click SSL Decryption in the policy bar.
  5. Click the Default Action button. 
  6. Select the action to apply to matching traffic:
  • Do Not Decrypt—Allow the encrypted connection. The access control policy then evaluates the encrypted connection and drops or allows it based on access control rules.
  • Block—Drop the connection immediately. The connection is not passed on to the access control policy.
  1. (Optional.) Configure logging for the default action. You must enable logging to capture events from SSL Decryption policies. Select from these options:
  • At End of Connection—Generate an event at the conclusion of the connection.

    • Send Connection Events To—If you want to send a copy of the events to an external syslog server, select the server object that defines the syslog server. If the required object does not already exist, click Create New Syslog Server and create it. (To disable logging to a syslog server, select Any from the server list.)

      Because event storage on the device is limited, sending events to an external syslog server can provide more long term storage and enhance your event analysis.

If you have a subscription to Cisco Security Analytics and Logging, specify or create the syslog server using a Secure Event Connector's IP address and port. See Cisco Security Analytics and Logging for more information about this feature.

  • No Logging—Do not generate any events.

  1. Click Save.
  2. Review and deploy now the changes you made, or wait and deploy multiple changes at once. 

Next Steps

You have configured the properties of the SSL decryption policy. Now it is time to add rules to the policy. Continue with Configure SSL Decryption Rules.

  • Was this article helpful?