https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-auto-tag-url-to-no-longer-decrypt/m-p/598153#M118982 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/109249">@Adam_DiMarco</a> ,</P> <P>&nbsp;</P> <P>I am surprised no one responded to this post.&nbsp; Here is a video how to do it.</P> <P>&nbsp;</P> <P><A href="https://www.youtube.com/watch?v=WgG6Hi0T73g" target="_blank" rel="noopener">https://www.youtube.com/watch?v=WgG6Hi0T73g</A></P> <P>&nbsp;</P> <P>Thanks,</P> <P>&nbsp;</P> <P>Tom</P> Wed, 18 Sep 2024 17:09:17 GMT TomYoung 2024-09-18T17:09:17Z https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-auto-tag-url-to-no-longer-decrypt/m-p/562278#M113888 <P>Hi,</P> <P>&nbsp;</P> <P>I am working to get SSL decryption built in our environment.&nbsp; I have policies I want to start with.</P> <P>NoDecrypt_ByDestination (add sites as needed to dst and has NoTLSDecrypt-grp)</P> <P>NoDecrypt_BySource</P> <P>NoDecrypt_ByCategory (financial-gov-health-legal and custom URL Object Do-Not-Decrypt)</P> <P>TLS_Decryption - actual decrypt rule</P> <P>&nbsp;</P> <P>What I'd like to see about doing if a user connects to a site/URL that can't be decrypted or fails for ANY reason. That it will then add destination or dst URL to a DAG (NoTLSDecrypt-grp) .&nbsp; That DAG group is in the NoDecrypt_ByDestination.&nbsp; I am thinking of accomplishing this by log forwarding profile with custom filter and built-in-action.</P> <P>&nbsp;</P> <P>I am ware the way this would work:</P> <P>1. is user would first go to site and it fail when it hits the decryption rule.</P> <P>2. LogFwd built-in-action is triggered and dest tagged and in NoTLSDecrypt-grp</P> <P>3. user then retries URL and it is bypassed by hitting NoDecrypt_ByDestination rule.</P> <P>&nbsp;</P> <P>Has anyone configured something like this?&nbsp; This way sites that fail we could periodically audit what has been tagged.</P> <P>&nbsp;</P> <P>Looking for guiance specifically on the buit-in acitons and what to filter for in the threat logs or decryption logs for events were decryption failed.</P> <P>&nbsp;</P> <P>Any help pictured appreciated.</P> <P>Thanks,</P> <P>Adam D</P> Wed, 18 Oct 2023 15:44:52 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-auto-tag-url-to-no-longer-decrypt/m-p/562278#M113888 Adam_DiMarco 2023-10-18T15:44:52Z https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-auto-tag-url-to-no-longer-decrypt/m-p/598153#M118982 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/109249">@Adam_DiMarco</a> ,</P> <P>&nbsp;</P> <P>I am surprised no one responded to this post.&nbsp; Here is a video how to do it.</P> <P>&nbsp;</P> <P><A href="https://www.youtube.com/watch?v=WgG6Hi0T73g" target="_blank" rel="noopener">https://www.youtube.com/watch?v=WgG6Hi0T73g</A></P> <P>&nbsp;</P> <P>Thanks,</P> <P>&nbsp;</P> <P>Tom</P> Wed, 18 Sep 2024 17:09:17 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-auto-tag-url-to-no-longer-decrypt/m-p/598153#M118982 TomYoung 2024-09-18T17:09:17Z https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-auto-tag-url-to-no-longer-decrypt/m-p/599551#M119217 <P>Thanks Tom, exactly what I was looking for.&nbsp; Appreciate it.&nbsp; Still working to build up our SSL Decryption across our network.</P> Fri, 04 Oct 2024 14:20:17 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-auto-tag-url-to-no-longer-decrypt/m-p/599551#M119217 Adam_DiMarco 2024-10-04T14:20:17Z