This section describes application scenarios and methods of configuring the block action for SSL-encrypted traffic.
The FW directly blocks the traffic matching certain decryption policy rules and discards the SSL-encrypted traffic. No security check is performed on the blocked traffic. In this scenario, no detection profile needs to be specified for the action.
Choose Policy > Encrypted Traffic Detection > Detection Policy, click Add to configure rules for the detection policy, and set Action to Block.
Configure matching rules for the SSL-encrypted traffic detection policy, and run the action deny command to configure the block action. Assume that the name of the configured policy rule is policy_sec, the configuration procedure is as follows:
<sysname> system-view [sysname] decryption-policy [sysname-policy-decryption] rule name policy_sec [sysname-policy-decryption-policy_sec] action deny