Bypassing authentication decryption
If end users authenticate with either single sign-on or secure form-based authentication, web traffic is decrypted as part of the authentication process, regardless of whether SSL decryption is enabled in the policy. There may be some categories with privacy implications where you do not want this decryption to occur, for example financial data sites.
Authentication decryption bypass also applies to traffic going through I Series appliances that is subject to any type of authentication.
To define a web category that is never decrypted during authentication on the SSL tab, under Authentication Decryption Bypass, select the category in the Available categories list, and click the > button to move it to the Selected categories list.
Note the following for the selected categories:
- The selections apply only to end users browsing from proxied connections. They do not apply to roaming users.
- Users browsing these categories will be considered anonymous for both policy enforcement and reporting.