Decrypt networks and users

This option enables you to enforce decryption and deep inspection for specific network objects and from specific users and groups in Microsoft AD, LDAP, or Local realms.

Network objects

Network conditions control or decrypt traffic by its source and destination IP address, using inner headers. Tunnel rules, which use outer headers, have tunnel endpoint conditions instead of network conditions.

You can use predefined objects to build network conditions.

Users and groups

You can choose to decrypt traffic from a subset of users and groups in your identity realms and you can also choose to decrypt traffic from the following special identities:

  • Failed Authentication: Users who failed authentication with the captive portal.

  • Guest: Users configured as guest users in the captive portal.

  • No Authentication Required: Users that match an identity rule with the No Authentication Required action.

  • Unknown: Users that cannot be identified; for example, users that are not downloaded by a configured realm.

For more information

For more information, see Add networks and users.