Create a standard decryption policy with outbound protection

Note	For information about potential issues when deploying a standard decryption policy to a device that runs a version earlier than 10.0.0, see Standard decryption policy deployment issues to versions earlier than 10.0.0.

The following task discusses how to create a standard decryption policy to protect servers outside your internal network. To decrypt outbound connections, all options on this page are required except where noted. To bypass or block certain outbound connections, only security zones and bypass or block options are required.

Before you begin

Review what an outbound protection decryption policy means in Decrypt and re-sign (outgoing traffic).

Procedure

Step 1	Log in to Security Cloud Control if you haven't already done so.
Step 2	Click Firewall.
Step 3	Click Administration > (name of management center).
Step 4	In the right pane, click Management > Policies.
Step 5	Click Create New > Decryption Policy.
Step 6	In the provided fields, enter a Name and optional Description. The following characters are not supported in decryption policy names: Leading period `#`,`;`,`{`,`}`,`=`,`$`,`<`,`>`
Step 7	Click Create Policy.
Step 8	Slide Outbound Decryption to Enabled as the following figure shows.