https://live.paloaltonetworks.com/t5/automation-api-discussions/deafult-decryption/m-p/50343#M1140 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I run a HA-cluster of PA-5020 PAN OS 5.0.10</P><P></P><P>I've just noticed that since I've upgraded from 5.0.8 to 5.0.10 a specific traffic was identified as web-browsing instead of as before SSL.</P><P>It seems that traffic identified as web-browsing over port TCP 443 always is decrypted. Is this so? The only way I've managed to control this is by a Application Override rule to identify the taffic as a other app then web-browsing.</P><P></P><P>How can I control what is being decrypted and not other than by my decryption rules?</P><P><BR />BR // Per</P></BODY></HTML> Tue, 18 Mar 2014 09:15:03 GMT per_markgren 2014-03-18T09:15:03Z https://live.paloaltonetworks.com/t5/automation-api-discussions/deafult-decryption/m-p/50343#M1140 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I run a HA-cluster of PA-5020 PAN OS 5.0.10</P><P></P><P>I've just noticed that since I've upgraded from 5.0.8 to 5.0.10 a specific traffic was identified as web-browsing instead of as before SSL.</P><P>It seems that traffic identified as web-browsing over port TCP 443 always is decrypted. Is this so? The only way I've managed to control this is by a Application Override rule to identify the taffic as a other app then web-browsing.</P><P></P><P>How can I control what is being decrypted and not other than by my decryption rules?</P><P><BR />BR // Per</P></BODY></HTML> Tue, 18 Mar 2014 09:15:03 GMT https://live.paloaltonetworks.com/t5/automation-api-discussions/deafult-decryption/m-p/50343#M1140 per_markgren 2014-03-18T09:15:03Z https://live.paloaltonetworks.com/t5/automation-api-discussions/deafult-decryption/m-p/50344#M1141 <HTML><HEAD></HEAD><BODY><P>Dear per.markgren,</P><P>The PaloAlto will only decrypt traffic based on the decryption policies. web-browsing is not decrypted by default, this can only be because you have a decryption policy in place.</P><P>If you do not want to decrypt certain traffic just create a rule for it under the decryption policies</P><P>ex: source: xxx / destination: any / service: http / action = NO-DECRYPT</P><P>Put that rule at the top, and this traffic will no longer be decrypted.</P></BODY></HTML> Wed, 26 Mar 2014 16:17:37 GMT https://live.paloaltonetworks.com/t5/automation-api-discussions/deafult-decryption/m-p/50344#M1141 mr.linus 2014-03-26T16:17:37Z https://live.paloaltonetworks.com/t5/automation-api-discussions/deafult-decryption/m-p/50345#M1142 <HTML><HEAD></HEAD><BODY><P>Hi Per,</P><P></P><P>to control what is being decryped take look on a log-entry which you want to check</P><P><IMG alt="ssl.PNG.png" class="jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/12469_ssl.PNG.png" style="width: 620px; height: 254px;" /></P><P>when decrypted is checked you can be shure</P><P></P><P>Regards Klaus</P></BODY></HTML> Wed, 26 Mar 2014 16:34:43 GMT https://live.paloaltonetworks.com/t5/automation-api-discussions/deafult-decryption/m-p/50345#M1142 kdd 2014-03-26T16:34:43Z