Cisco Defense Orchestrator

Configure the Default SSL Decryption Action

Procedure

  1. Open the Devices & Services page.
  2. Select the device for which you want to configure the default SSL decryption action.
  3. Click Policy in the Management pane at the right.
  4. Click SSL Decryption in the policy bar.
  5. Click the Default Action button.
  6. Select the action to apply to matching traffic:
     • Do Not Decrypt—Allow the encrypted connection. The access control policy then evaluates the encrypted connection and drops or allows it based on access control rules.
     • Block—Drop the connection immediately. The connection is not passed on to the access control policy.
  7. (Optional.) Configure logging for the default action. You must enable logging to capture events from SSL Decryption policies. Select from these options:
     • At End of Connection—Generate an event at the conclusion of the connection.

       • Send Connection Events To—If you want to send a copy of the events to an external syslog server, select the server object that defines the syslog server. If the required object does not already exist, click Create New Syslog Server and create it. (To disable logging to a syslog server, select Any from the server list.)

         Because event storage on the device is limited, sending events to an external syslog server can provide more long-term storage and enhance your event analysis.

     • No Logging—Do not generate any events.

  8. Click Save.
  9. Deploy Configuration Changes from Defense Orchestrator to FTD.

Next Steps

You have configured the properties of the SSL decryption policy. Now it is time to add rules to the policy. Continue with Configure SSL Decryption Rules.
