If an issue with a decryption deployment requires more
than a short period of time to diagnose, you can temporarily disable
SSL decryption and then re-enable it after you fix the issue without
a Commit operation, so network traffic isn’t disrupted.

In some cases you may want to temporarily disable SSL decryption. For example, if you deployed SSL decryption too hastily and something doesn’t work correctly, but you’re not sure what it is and you have a lot of rules to examine, you can use the CLI to temporarily turn off decryption and give yourself time to analyze and solve the issue. After solving the issue, you can use the CLI to turn SSL decryption back on again. Because temporarily disabling and then re-enabling decryption using the CLI doesn’t require a Commit operation, you can do it without disrupting network traffic.

The following CLI commands temporarily disable SSL
decryption without a Commit and re-enable decryption without a Commit.

The command to disable SSL decryption doesn’t persist in the configuration after a reboot. If you turn off decryption temporarily and then reboot the firewall, regardless of whether the issue has been fixed, decryption is turned on again.