Create a decryption rule with Decrypt - Resign action
This task creates a decryption policy so that the firewall can inspect, and the SAML realm can authenticate, encrypted traffic to the Azure Authentication Service.
This part of the procedure covers creating the decryption policy; the rule that decrypts and resigns traffic before it reaches the SAML realm is added in the next part. The realm can authenticate traffic only after it has been decrypted.
Procedure
| Step | Command or Action |
|---|---|
| Step 1 | If you haven't done so already, log in to the Security Cloud Control. |
| Step 2 | If you haven't done so already, create an internal certificate authority object to decrypt TLS/SSL traffic as discussed in PKI objects. |
| Step 3 | Click . |
| Step 4 | Click . |
| Step 5 | Click New Policy. |
| Step 6 | Enter a Name and choose a Default Action for the policy. Default actions are discussed in default actions. |
| Step 7 | Click Save. |
| Step 8 | At the top of the page, click Save. |
What to do next
Continue to Add a rule.

Add a rule
Procedure
| Step | Command or Action | Purpose |
|---|---|---|
| Step 1 | Click Add Rule. | |
| Step 2 | Enter a Name for the rule. | |
| Step 3 | From the Action list, choose Decrypt - Resign. | |
| Step 4 | From the with list, choose your service provider certificate object. | |
| Step 5 | Click the Applications tab page. | |
| Step 6 | In the Available Applications section, enter Azure Authentication Service in the search field. | |
| Step 7 | Click Azure Authentication and click Add to Rule. | The following figure shows an example. |
| Step 8 | (Optional.) Set other options as discussed in Rule-based decryption rule conditions. | |
| Step 9 | Click Add. At the top of the page, click Save. | |
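Decrypt - Resign replaces the certificate the Azure Authentication Service presents with one signed by the internal CA object chosen in the with list. A client that does not trust that CA therefore sees a browser warning and the SAML redirect fails, while a client whose connection still shows the public issuer is not being decrypted at all. The following Python script is an added example, not part of the Security Cloud Control documentation: run from a client behind the firewall, it reports which of the three cases applies. The CA common name (Corp Decrypt CA), the PEM file path and the endpoint hostname (login.microsoftonline.com) are assumptions to adjust for your deployment.

```python
"""Confirm from a client that Decrypt - Resign is in effect for the
Azure Authentication Service and that the client trusts the resigning CA.

Added example; the constants below are assumptions, not values from the
Security Cloud Control documentation.
"""
import socket
import ssl

INTERNAL_CA_CN = "Corp Decrypt CA"        # assumed CN of the internal CA object
INTERNAL_CA_PEM = "corp-decrypt-ca.pem"   # assumed PEM export of that CA on this client
TEST_HOST = "login.microsoftonline.com"   # assumed Azure Authentication Service endpoint


def name_to_dict(rdns):
    """Flatten the nested tuples ssl.getpeercert() uses for the subject
    and issuer fields into a plain {attribute: value} dict."""
    out = {}
    for rdn in rdns:
        for attr, value in rdn:
            out[attr] = value
    return out


def classify(cert, internal_ca_cn=INTERNAL_CA_CN):
    """Return 'resigned' when the issuer CN is the internal CA (the
    firewall decrypted and re-signed the session) and 'passthrough' when
    the original public issuer is still visible (the rule did not match).
    `cert` is a dict in ssl.getpeercert() form."""
    issuer = name_to_dict(cert.get("issuer", ()))
    return "resigned" if issuer.get("commonName") == internal_ca_cn else "passthrough"


def fetch_cert(host, internal_ca_pem=INTERNAL_CA_PEM, port=443, timeout=5):
    """Connect to host and return its leaf certificate as a getpeercert()
    dict. Trust is the system store plus the internal CA, so the handshake
    succeeds whether or not the firewall re-signed; it raises
    SSLCertVerificationError only if neither trusts the presented chain."""
    ctx = ssl.create_default_context()
    ctx.load_verify_locations(cafile=internal_ca_pem)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def check_endpoint(host=TEST_HOST):
    """Run the check and describe the outcome as one line of text."""
    try:
        cert = fetch_cert(host)
    except ssl.SSLCertVerificationError as exc:
        # Chain validated against neither the system store nor the internal
        # CA: most likely Decrypt - Resign is active but this client does not
        # trust the CA object's certificate. Browsers warn and the SAML login
        # fails until the CA is distributed to client trust stores.
        return f"{host}: untrusted issuer ({exc.verify_message})"
    return f"{host}: {classify(cert)}"


if __name__ == "__main__":
    print(check_endpoint())
```

The trust store is widened to the system roots plus the internal CA on purpose: with only the internal CA loaded, a non-decrypted connection would also fail verification and the script could not tell "rule not matching" apart from "CA not trusted".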
