https://live.paloaltonetworks.com/t5/general-topics/where-to-find-information-about-ssl-decryption-is-not-required/m-p/1234701#M124837 <P>Hello guys,</P> <P>&nbsp;</P> <P>I want to know if there is a resource where I can find if SSL decryption is required or not to identified the APP traffic.&nbsp;</P> <P>&nbsp;</P> <P>I have this information inside&nbsp;Palo Alto Networks Content Update mail but I don't find this information in applipedia or somewhere else.</P> <P>&nbsp;</P> <P>Anybody have an idea&nbsp; ?</P> <P>&nbsp;</P> <P>Best,</P> <P>Alexis</P> Fri, 25 Jul 2025 14:39:02 GMT A.Molter 2025-07-25T14:39:02Z https://live.paloaltonetworks.com/t5/general-topics/where-to-find-information-about-ssl-decryption-is-not-required/m-p/1234701#M124837 <P>Hello guys,</P> <P>&nbsp;</P> <P>I want to know if there is a resource where I can find if SSL decryption is required or not to identified the APP traffic.&nbsp;</P> <P>&nbsp;</P> <P>I have this information inside&nbsp;Palo Alto Networks Content Update mail but I don't find this information in applipedia or somewhere else.</P> <P>&nbsp;</P> <P>Anybody have an idea&nbsp; ?</P> <P>&nbsp;</P> <P>Best,</P> <P>Alexis</P> Fri, 25 Jul 2025 14:39:02 GMT https://live.paloaltonetworks.com/t5/general-topics/where-to-find-information-about-ssl-decryption-is-not-required/m-p/1234701#M124837 A.Molter 2025-07-25T14:39:02Z https://live.paloaltonetworks.com/t5/general-topics/where-to-find-information-about-ssl-decryption-is-not-required/m-p/1234787#M124849 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/877616189">@A.Molter</a>&nbsp;,</P> <P>&nbsp;</P> <P>SSL Decryption is required for application traffic that is encrypted by SSL/TLS, if you would like to truly identify what the underlying application is. If you go onto your monitor tab and view traffic from your trust zone to the untrust zone, you will likely find a number of connections that have the app-id "ssl". Without decryption, you don't really know what type of application the connection is because the firewall can't inspect the encrypted payload. The employee could be watching a cnn video or a youtube video.&nbsp;</P> <P>&nbsp;</P> <P>I would recommend taking a look at how much SSL traffic traverses any firewall you might have that sits at the edge. Head over to your ACC tab on your firewall. Then click on SSL activity and set the time frame to last 90 days. How much SSL traffic do you see? How does it compare to other traffic? There is all your application traffic that hides behind encryption.&nbsp;</P> <P>&nbsp;</P> <P>I would recommend reading <A href="https://docs.paloaltonetworks.com/network-security/decryption/administration/decryption-overview" target="_self">Decryption Basics</A> and <A href="https://docs.paloaltonetworks.com/best-practices/10-2/decryption-best-practices" target="_self">Decryption best practices.</A></P> <P>&nbsp;</P> Mon, 28 Jul 2025 15:45:15 GMT https://live.paloaltonetworks.com/t5/general-topics/where-to-find-information-about-ssl-decryption-is-not-required/m-p/1234787#M124849 JayGolf 2025-07-28T15:45:15Z https://live.paloaltonetworks.com/t5/general-topics/where-to-find-information-about-ssl-decryption-is-not-required/m-p/1234854#M124852 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/220841">@JayGolf</a>&nbsp;,</P> <P>&nbsp;</P> <P>Thanks for all thoses advices.</P> <P>&nbsp;</P> <P>But I just want to know if there is a documentation about what applications required decryption to be identified and what not.&nbsp;</P> <P><SPAN class="--l --r container-target">I am surprised to find this information inside&nbsp;Palo Alto Networks Content Update newsletter but not in the applipedia.</SPAN></P> <P>&nbsp;</P> <P><SPAN class="--l --r container-target">This can be helpful to understand what applications can be block or allow in network without decryption.&nbsp;</SPAN></P> Tue, 29 Jul 2025 06:33:23 GMT https://live.paloaltonetworks.com/t5/general-topics/where-to-find-information-about-ssl-decryption-is-not-required/m-p/1234854#M124852 A.Molter 2025-07-29T06:33:23Z