Globally exclude domains from decryption
TLS Match elements define matching criteria for the use of the TLS protocol in traffic, and allow you to prevent the specified traffic from being decrypted.
TLS Matches that deny decrypting are applied globally, even if the TLS Match elements are not used in the policy. However, TLS Match elements that are used in specific Access rules can override globally applied TLS matches.
In most cases, TLS Matches are the recommended way to prevent traffic from being decrypted and inspected. Globally excluding domains from decryption can also prevent some Network Applications from being detected in encrypted connections. In this case, you can exclude the domain from TLS inspection.
For more details about the product and how to configure features, click Help or press F1.