topic Re: Clientless VPN inpection in GlobalProtect Discussions https://live.paloaltonetworks.com/t5/globalprotect-discussions/clientless-vpn-inpection/m-p/554174#M4292 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/280217">@sbhingarde</a> ,</P> <P>&nbsp;</P> <P>The NGFW already decrypts Clientless VPN because it is the tunnel endpoint.&nbsp; If you look in Monitor &gt; Logs &gt; Traffic, you can filter on the destination IP address that matches the Application URL of one of your Clientless Apps.&nbsp; You will see that the application is web-browsing because it is being decrypted.&nbsp; In my case, the traffic matches the intrazone-default rule.&nbsp; As long as you have security profiles applied to the rule, then you are performing Content-ID on the traffic.</P> <P>&nbsp;</P> <P>Thanks,</P> <P>&nbsp;</P> <P>Tom</P> Thu, 17 Aug 2023 12:53:16 GMT TomYoung 2023-08-17T12:53:16Z Clientless VPN inpection https://live.paloaltonetworks.com/t5/globalprotect-discussions/clientless-vpn-inpection/m-p/554087#M4290 <P>Hi, Can we do decryption for Clientless VPN traffic? If no, how is the traffic inspected? This is in regards to BYOD.</P> Thu, 17 Aug 2023 04:40:39 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/clientless-vpn-inpection/m-p/554087#M4290 sbhingarde 2023-08-17T04:40:39Z Re: Clientless VPN inpection https://live.paloaltonetworks.com/t5/globalprotect-discussions/clientless-vpn-inpection/m-p/554174#M4292 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/280217">@sbhingarde</a> ,</P> <P>&nbsp;</P> <P>The NGFW already decrypts Clientless VPN because it is the tunnel endpoint.&nbsp; If you look in Monitor &gt; Logs &gt; Traffic, you can filter on the destination IP address that matches the Application URL of one of your Clientless Apps.&nbsp; You will see that the application is web-browsing because it is being decrypted.&nbsp; In my case, the traffic matches the intrazone-default rule.&nbsp; As long as you have security profiles applied to the rule, then you are performing Content-ID on the traffic.</P> <P>&nbsp;</P> <P>Thanks,</P> <P>&nbsp;</P> <P>Tom</P> Thu, 17 Aug 2023 12:53:16 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/clientless-vpn-inpection/m-p/554174#M4292 TomYoung 2023-08-17T12:53:16Z