PA SSL decryption for web traffic and squid


L4 Transporter

Hi

 

Where should I be doing the decryption?

 

client -> pa (l3) -> squid -> internet

or

client -> squid -> pa (l3) -> internet

 

I'm thinking the first one; then I can also see who is making the request.

 

A

8 REPLIES

L7 Applicator

The problem with the suggested solution is that Palo then only sees http-proxy traffic and nothing else - no URL logs, and decryption isn't possible this way.

So you have to use your second possibility.

Hi

 

I'm already doing 1 but without decrypt and it works fine; it looks into the info and knows it's in tunnel mode.

 

 

So you have url logs or only the app http-proxy in the traffic log with the username?

Hi

 

With what I have right now, which is no decryption, I see and can filter on application type, so google-mail, facebook chat; it looks inside the traffic.

 

My policy is basically

 

any work IP -> to my proxy server IP and port 3128 or 8080 as the service ports, with application set to general internet. I have had to add things as some sites are not under general internet.

 

I can also see who is the user logged into the client PC.

 

Ok, in this case I have to thank you for teaching me something new.

 

Till your post I thought the way to do this in combination with a proxy is 

Client --> proxy --> palo

And then use the x-forwarded-for http header to identify the user on the firewall

 

As described here: https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/policy/identify-users-connected-thro...

Interesting, but I seem to get all that by doing it before. Plus I don't have the XFF value set up.

 

Alex

Hi Alex

 

If you already have this setup, it should be pretty easy to test if this now also works with decryption (I am also interested in your results, even if I don't like these traditional proxy servers 😛)

 

Edit: Removed senseless sentence

 

I'm not running the proxies in transparent mode.

 

and I want all traffic going to proxy for outbound traffic
