topic SSL Decryption Exclusions Jamf Protect in GlobalProtect Discussions https://live.paloaltonetworks.com/t5/globalprotect-discussions/ssl-decryption-exclusions-jamf-protect/m-p/442125#M1908 <P>We are trialling Jamf Protect but this doesn't support SSL decryption which we use as standard (<A href="https://docs.jamf.com/jamf-protect/documentation/Network_Communication_Used_by_Jamf_Protect.html" target="_blank">https://docs.jamf.com/jamf-protect/documentation/Network_Communication_Used_by_Jamf_Protect.html</A>)</P><P>&nbsp;</P><P>The above doc lists some URL's that need to be excluded from SSL decryption but we are having problems getting it to work. Packet captures show that the URL's given are being resolved to one of many different addresses e.g.&nbsp;<EM>ec2-54-75-144-236.eu-west-1.compute.amazonaws.com&nbsp;</EM>by the time they hit Palo Alto.</P><P>&nbsp;</P><P>We obviously can't add every possible address to our exclusions so the Jamf Environment Test Tool comes back with SSL errors. Has anyone had any luck getting Jamf Protect to work? Or have any suggestions on how to add amazonaws.com URL's to SSL decryption?</P> Wed, 20 Oct 2021 08:50:21 GMT Craig-f3 2021-10-20T08:50:21Z SSL Decryption Exclusions Jamf Protect https://live.paloaltonetworks.com/t5/globalprotect-discussions/ssl-decryption-exclusions-jamf-protect/m-p/442125#M1908 <P>We are trialling Jamf Protect but this doesn't support SSL decryption which we use as standard (<A href="https://docs.jamf.com/jamf-protect/documentation/Network_Communication_Used_by_Jamf_Protect.html" target="_blank">https://docs.jamf.com/jamf-protect/documentation/Network_Communication_Used_by_Jamf_Protect.html</A>)</P><P>&nbsp;</P><P>The above doc lists some URL's that need to be excluded from SSL decryption but we are having problems getting it to work. Packet captures show that the URL's given are being resolved to one of many different addresses e.g.&nbsp;<EM>ec2-54-75-144-236.eu-west-1.compute.amazonaws.com&nbsp;</EM>by the time they hit Palo Alto.</P><P>&nbsp;</P><P>We obviously can't add every possible address to our exclusions so the Jamf Environment Test Tool comes back with SSL errors. Has anyone had any luck getting Jamf Protect to work? Or have any suggestions on how to add amazonaws.com URL's to SSL decryption?</P> Wed, 20 Oct 2021 08:50:21 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/ssl-decryption-exclusions-jamf-protect/m-p/442125#M1908 Craig-f3 2021-10-20T08:50:21Z