https://live.paloaltonetworks.com/t5/next-generation-firewall/ssl-policy-rule-and-needed-match-application-values/m-p/608977#M4404 <P>Hello,</P> <P>I have a quick question in regards to SSL decryption and policy match values.</P> <P>If I have SSL decryption, and I want to allow 'facebook-chat' for example, I know a policy rule with the app facebook-chat and it's dependencies '<SPAN>facebook-base,mqtt-base</SPAN>' is needed.</P> <P>&nbsp;</P> <P>I also understand that the implicit use applications will be allowed through that policy by default although it is not explicitly mentioned.</P> <P>&nbsp;</P> <P>My question is, do I need the rule to also allow 'ssl' so the traffic is allowed while it gets decrypted and identified?</P> <P>&nbsp;</P> <P>Thanks in advance for the clarification.</P> <P>&nbsp;</P> Mon, 21 Oct 2024 03:05:18 GMT Punite 2024-10-21T03:05:18Z https://live.paloaltonetworks.com/t5/next-generation-firewall/ssl-policy-rule-and-needed-match-application-values/m-p/608977#M4404 <P>Hello,</P> <P>I have a quick question in regards to SSL decryption and policy match values.</P> <P>If I have SSL decryption, and I want to allow 'facebook-chat' for example, I know a policy rule with the app facebook-chat and it's dependencies '<SPAN>facebook-base,mqtt-base</SPAN>' is needed.</P> <P>&nbsp;</P> <P>I also understand that the implicit use applications will be allowed through that policy by default although it is not explicitly mentioned.</P> <P>&nbsp;</P> <P>My question is, do I need the rule to also allow 'ssl' so the traffic is allowed while it gets decrypted and identified?</P> <P>&nbsp;</P> <P>Thanks in advance for the clarification.</P> <P>&nbsp;</P> Mon, 21 Oct 2024 03:05:18 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/ssl-policy-rule-and-needed-match-application-values/m-p/608977#M4404 Punite 2024-10-21T03:05:18Z