SSL/TLS Inspection Rules: Decryption profile required when action is "Do not decrypt"?

Just noticed that when I'm creating an SSL/TLS inspection rule where the 'Action' is set to 'Do not decrypt', I still have to select a 'Decryption profile'. What's the purpose of the decryption profile if the rule is not decrypting?

  • Hi Shred,

    The question arises: why are you using SSL/TLS (DPI) if you are not decrypting the packets through that rule?

    Ian

     
    V18.0.x - e3-1225v5 6gb ram on 4 port MB with 2 x APX120 - 20w. 
    If a post solves your question use the 'This helped me' link.
  • I have a rule I use to temporarily bypass decrypting traffic. Regardless, the use case doesn't matter. There's an option to select the action "Do not decrypt" so I'm assuming this is an intentional/intended functionality of SSL/TLS Inspection Rules. Michael Dunn's post explains my original question. All I'm suggesting is how it's labeled isn't the most clear/logical. It's minor though so I'm not overly concerned.

    ---

    Sophos XG guides for home users: https://shred086.wordpress.com/