The log entry "rule:0 resign Success" appears in the SSL Session Logs although the Catch All Action is Cut-Through.
This message means that a cached Decrypt Action is applied to the flow instead of the Policy Action.
This only happens when a cached session Action is changed from Decrypt to Cut-Through. It does not happen if the Action is changed from Encrypt to Reject/Drop, or other actions.
Rule 0 is the Catch All Action rule when no configured policies are matched.