Add security zones (outbound decryption)

This task discusses how to add security zones to an outbound standard decryption policy. A security zone specifies a Firewall Threat Defense device interface that sends traffic to the external server.

Before you begin

Complete the tasks discussed in Create a Decryption Policy with outbound connection protection.

Procedure


Step 1

Click Edit next to Security Zones.

Step 2

In the Security Zones dialog box, do any of the following:

  • Select the check box next to a security zone to add to either the source or destination.

  • To create a new security zone, click Create security zone object.

  • Search for a security zone by entering text in the Search Zones field and pressing Enter.

Note

Click Help (help icon) on any dialog box for more information.

Step 3

Click Add to Source to decrypt traffic that matches the source network, or click Add to Destination to decrypt traffic that matches the destination network. If you select both source and destination networks, traffic must match both security zones to be decrypted.

Typically, the server for which you're decrypting traffic should be in the destination zone.

The following figure shows an example.

Sample outbound decryption policy that decrypts traffic coming from an inside security zone going to destination outside security zone.

Step 4

Click Save.

Step 5

If you're finished configuring your policy, see Decryption policy actions.