The Case for Decryption
Traffic that is encrypted when it passes through the system can only be allowed or blocked; it cannot be subjected to deep inspection or the full range of policy enforcement (such as intrusion prevention).
All encrypted connections:
- Are sent through the decryption policy to determine if they should be decrypted or blocked.
  You can also configure decryption rules to block encrypted traffic of types you know you do not want on your network, such as traffic that uses the nonsecure SSL protocol or traffic with an expired or invalid certificate.
- If unblocked, whether or not decrypted, traffic goes through the access control policy for a final allow or block decision.
Only decrypted traffic takes advantage of the system's threat defense and policy enforcement features, such as:
- Advanced Malware Protection
- Security intelligence
- Threat Intelligence Director
- Application detectors
- URL and category filtering
Keep in mind that decrypting and then re-encrypting traffic adds a processing load on the device, which can reduce overall system performance.
In summary:
- Encrypted traffic can be allowed or blocked by policy; encrypted traffic cannot be inspected.
- Decrypted traffic is subject to threat defense and policy enforcement; decrypted traffic can be allowed or blocked by policy.