< Home

action (SSL-encrypted traffic detection policy rule view)

Function

The action command configures an action for SSL-encrypted traffic detection policy rule.

Format

action { deny | decrypt profile profile-name | no-decrypt [ profile profile-name ] }

Parameters

Parameter Description Value
deny Indicates a deny action. -
decrypt profile profile-name Indicates the decryption action and specifies the name of a detection profile. The value is a case-insensitive string. If the name does not contain any space, the length ranges from 1 to 32. If the name contains spaces, the name must be quoted by double quotation marks, for example, "user for test", and the length ranges from 3 to 34. The name cannot contain ?, ", and -.
no-decrypt profile profile-name Indicates the no-decrypt action and specifies the name of a detection profile. The value is a case-insensitive string. If the name does not contain any space, the length ranges from 1 to 32. If the name contains spaces, the name must be quoted by double quotation marks, for example, "user for test", and the length ranges from 3 to 34. The name cannot contain ?, ", and -.

Views

SSL-encrypted traffic detection policy rule view

Default Level

2: Configuration level

Usage Guidelines

When the SSL-encrypted traffic detection policy rule is set to no-decrypt, the profile is optional. If profile profile-name is specified, the detection profile type can only be set to no-decrypt. If profile profile-name is not specified, the FW directly allows SSL-encrypted traffic that matches the policy rules to pass through.

Example

# Set the action of SSL-encrypted traffic detection policy rule policy_sec to no-decrypt.

<sysname> system-view
[sysname] decryption-policy
[sysname-policy-decryption] rule name policy_sec
[sysname-policy-decryption-policy_sec] action no-decrypt
Parent Topic: SSL-Encrypted Traffic Detection Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
Next topic >