Decryption Rule Blocking Actions

The system provides the following decryption rule actions for traffic you do not want to pass through the system:

  • Block to terminate the connection, resulting in an error in the client browser.

    The error message does not indicate the site was blocked due to policy. Instead, errors might indicate that there are no common encryption algorithms. It is not obvious from this message that you blocked the connection on purpose.

  • Block with reset to terminate and reset the connection, resulting in an error in the client browser.

    The error indicates the connection was reset but does not indicate why.

Tip

You cannot use the Block or Block with reset action in a passive or inline (tap mode) deployment because the device does not directly inspect the traffic. If you create a rule with the Block or Block with reset action that contains passive or inline (tap mode) interfaces within a security zone condition, the policy editor displays a warning icon next to the rule.