Policy Profile
The policy profile consists of multiple rules, with each rule having a decrypt or no-decrypt action for the match condition. For example, there might be a policy to decrypt all but financial-related traffic.
In addition to the rules, the profile also consists of various configuration options that affect the decryption decision as follows:
|
■
|
The default action to take if none of the rules match. |
|
■
|
The URL cache miss action to take if the URL category-based rules are configured, but GigaSMART does not have the category information. |
|
■
|
For decrypted traffic, options to override expired, invalid, self-signed, and unknown CA certificates and to enable or disable the certificate revocation check. |
|
■
|
Whether or not to send decrypted/non-decrypted traffic through the tools. |
Each policy rule consists of a match condition and the decrypt or no-decrypt action for the match. The following rule types are available:
|
■
|
server certificate issuer |
|
■
|
source and destination IP address |
|
■
|
source and destination port numbers |
Note: You can configure up to 2048 policy rules under a policy profile.
