Bypassing authentication decryption
If end users authenticate with either single sign-on or secure form-based authentication, web traffic is decrypted as part of the authentication process, regardless of whether SSL decryption is enabled in the policy. There may be some categories with privacy implications where you do not want this decryption to occur, for example financial data sites.
Note: The appliance does not currently support authentication decryption bypass for custom categories.
To define a web category that is never decrypted during authentication on the SSL tab, under Authentication Decryption Bypass, select the category in the Available categories list, and click the > button to move it to the Selected categories list.
Note the following for the selected categories:
- The selections apply only to end users browsing from proxied connections. They do not apply to roaming users.
- Users browsing these categories will be considered anonymous for both policy enforcement and reporting.