Create a Decryption Policy with Other Rule Actions
To create a decryption rule with a Do Not Decrypt, Block, Block With Reset, or Monitor rule action, create a decryption policy and edit the policy to add the rule.
When you create a decryption policy, you can create multiple rules at the same time, including multiple Decrypt - Known Key rules and multiple Decrypt - Resign rules.
If you enabled Change Management, you must create and assign a ticket before you can create a decryption policy. Before the decryption policy can be used, the ticket and all associated objects (like certificate authorities) must be approved. For more information, see Creating Change Management Tickets and Policies and Objects that Support Change Management.
Procedure
Step 1: Log in to Security Cloud Control if you haven't already done so.
Step 2: Click and choose .
Step 3: Give the policy a unique Name and, optionally, a Description.
Step 4: Click Next.
Step 5: The bypass page is provided for your information only; you cannot bypass traffic for other types of decryption (such as Block).
Step 6: Click Create Policy.
Step 7: Wait for the policy to be created.
Step 8: Click Edit next to the decryption policy name.
Step 9: Click Add Rule.
Step 10: Give the rule a Name.
Step 11: From the Action list, click a rule action and see one of the following sections for more information:
Step 12: Click Save.
What to do next
- Add rule conditions: Decryption Rule Conditions
- Add a default policy action: Decryption Policy Default Actions
- Configure logging options for the default action as described in .
- Set advanced policy properties: Decryption Policy Advanced Options.
- Associate the decryption policy with an access control policy as described in Associating Other Policies with Access Control.
- Deploy configuration changes.