Behavior
In a web policy rule set with HTTPS decryption enabled, traffic is decrypted only if a Server Name Indication (SNI) extension is present in the TLS handshake.
Explanation
The above behavior is by design.
Resolution
Security and Acceptable Use Policies are still applied based on the destination servers to which the request is sent. Destination lists can be created for these destination servers, and rules can be enforced accordingly.
Any blocks for DNS policies for Tunnels and AnyConnect will still apply.