Create a Decryption Policy
You can create any of the following types of decryption policies:
-
Outbound protection policy with rules that protect outbound connections; that is, the destination server is outside your protected network. This type of rule has a Decrypt - Resign rule action. We also create additional rules with a Do Not Decrypt action that excludes traffic you specify (such as traffic that uses certificate pinning.)
See Create a Decryption Policy with Outbound Connection Protection
-
Inbound protection policy with a rule that protects inbound connections; that is, the destination server is inside your protected network. This type of rule has a Decrypt - Known Key rule action. We also create additional rules with a Do Not Decrypt action that excludes traffic you specify (such as traffic that uses certificate pinning.) These rules are disabled initially but you can modify and enable them later if you wish.
See Create a Decryption Policy with Inbound Connection Protection
-
Other actions (including Do Not Decrypt, Block, and Block with Reset).