https://live.paloaltonetworks.com/t5/next-generation-firewall/ssl-termination-at-palo-alto-ngfw/m-p/568498#M2218 <P>Can Palo Alto NGFW support SSL Termination<BR />ConsumerAPP (2Way SSL) --&gt; Palo Alto NGFW support --&gt; (1Way) to Service provider</P> Tue, 05 Dec 2023 21:22:53 GMT pvrm123 2023-12-05T21:22:53Z https://live.paloaltonetworks.com/t5/next-generation-firewall/ssl-termination-at-palo-alto-ngfw/m-p/568498#M2218 <P>Can Palo Alto NGFW support SSL Termination<BR />ConsumerAPP (2Way SSL) --&gt; Palo Alto NGFW support --&gt; (1Way) to Service provider</P> Tue, 05 Dec 2023 21:22:53 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/ssl-termination-at-palo-alto-ngfw/m-p/568498#M2218 pvrm123 2023-12-05T21:22:53Z https://live.paloaltonetworks.com/t5/next-generation-firewall/ssl-termination-at-palo-alto-ngfw/m-p/569189#M2240 <P>&nbsp;</P> <P>Hello <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/1044684617">@pvrm123</a>&nbsp;</P> <P>PaloAlto firewall supports both inbound and outbound SSL decryption.</P> <P>In <STRONG>Inbound Inspection</STRONG> mode, PAN-OS will not act as a proxy with SSL traffic that matches the policy. Instead, PAN-OS will attempt to decrypt this SSL traffic 'on-the-fly' by eavesdropping on the SSL handshake and using the associated Certificate (Key Pair) configured in the decryption policy.</P> <P>For more details, you can refer to the following Knowledge Base (KB) article:</P> <P><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClV8CAK" target="_new">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClV8CAK</A></P> Mon, 11 Dec 2023 02:55:24 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/ssl-termination-at-palo-alto-ngfw/m-p/569189#M2240 akuzhuppilly 2023-12-11T02:55:24Z