cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Ask the Expert- SD-WAN

4099
Views
10
Helpful
1
Replies
Highlighted
Beginner

Differences between Monitor and Decrypt actions in Decryption Policies

Hi Everybody,

Currently I'm working in my first WSA (S170) implementation and some questions has popped up while I was configuring the Decryption policies. The main question here is:

What are the differences between "monitor" and "decrypt" in the URL Filtering options. As I understand the "decrypt" action allows the WSA to decrypt the packet and treats it like a plain HTTP packet applying the Access Policies, malware inspection and so on. Then I do not really know what the Monitor option does, I'm assuming that it does not decrypt the packet and only checks the destination URL and to allow or not the connection.

Thanks in advance for your collaboration.

Jose M. Cortes H.

1 ACCEPTED SOLUTION

Accepted Solutions
Collaborator

Differences between Monitor and Decrypt actions in Decryption Po

If you set it for Decrypt, it always decrypts stuff in that category.

If you set it to monitor, then other criteria in the policy are used for whether to decrypt or not, such as Web Reputation...

Here's the flow, which I pulled from the online help:

https://wsaip:port/help/wsa_help/index.html?Decryption_policies11.html#wp1208329

1 REPLY 1
Collaborator

Differences between Monitor and Decrypt actions in Decryption Po

If you set it for Decrypt, it always decrypts stuff in that category.

If you set it to monitor, then other criteria in the policy are used for whether to decrypt or not, such as Web Reputation...

Here's the flow, which I pulled from the online help:

https://wsaip:port/help/wsa_help/index.html?Decryption_policies11.html#wp1208329