https://live.paloaltonetworks.com/t5/general-topics/clarification-on-file-blocking-and-ssl/m-p/28755#M20989 <HTML><HEAD></HEAD><BODY><P>By default, we cannot inspect the contents inside of SSL and the file blocking feature will not apply since the traffic is encrypted.&nbsp; You can enable SSL Decryption whereby the PA device will participate in the SSL process and be able to inspect the SSL contents.&nbsp; File blocking, threat scanning, data filtering, etc will apply once the traffic has been decrypted.</P><P></P><P>Thanks.</P></BODY></HTML> Wed, 28 Dec 2011 19:45:03 GMT rmonvon 2011-12-28T19:45:03Z https://live.paloaltonetworks.com/t5/general-topics/clarification-on-file-blocking-and-ssl/m-p/28754#M20988 <HTML><HEAD></HEAD><BODY><P>If a download service uses SSL and PAN has an App and file blocking capability, but under SSL Decryption, it is an exception (ala drobpox), are options are pretty limited, correct?</P></BODY></HTML> Wed, 28 Dec 2011 19:08:59 GMT https://live.paloaltonetworks.com/t5/general-topics/clarification-on-file-blocking-and-ssl/m-p/28754#M20988 camkim_MDEA 2011-12-28T19:08:59Z https://live.paloaltonetworks.com/t5/general-topics/clarification-on-file-blocking-and-ssl/m-p/28755#M20989 <HTML><HEAD></HEAD><BODY><P>By default, we cannot inspect the contents inside of SSL and the file blocking feature will not apply since the traffic is encrypted.&nbsp; You can enable SSL Decryption whereby the PA device will participate in the SSL process and be able to inspect the SSL contents.&nbsp; File blocking, threat scanning, data filtering, etc will apply once the traffic has been decrypted.</P><P></P><P>Thanks.</P></BODY></HTML> Wed, 28 Dec 2011 19:45:03 GMT https://live.paloaltonetworks.com/t5/general-topics/clarification-on-file-blocking-and-ssl/m-p/28755#M20989 rmonvon 2011-12-28T19:45:03Z https://live.paloaltonetworks.com/t5/general-topics/clarification-on-file-blocking-and-ssl/m-p/28756#M20990 <HTML><HEAD></HEAD><BODY><P>So File-blocking is effective under the following conditions:</P><P>1) Is identified as an App</P><P>2) has file-blocking feature</P><P><SPAN>3) If SSL is used, and is not on the following list </SPAN><A class="jive-link-external-small" href="https://live.paloaltonetworks.com/docs/DOC-1423">https://live.paloaltonetworks.com/docs/DOC-1423</A><SPAN>. </SPAN></P><P></P><P>Just want to get a very clear understanding before allowing download from specific services. </P></BODY></HTML> Wed, 28 Dec 2011 22:09:34 GMT https://live.paloaltonetworks.com/t5/general-topics/clarification-on-file-blocking-and-ssl/m-p/28756#M20990 camkim_MDEA 2011-12-28T22:09:34Z https://live.paloaltonetworks.com/t5/general-topics/clarification-on-file-blocking-and-ssl/m-p/28757#M20991 <HTML><HEAD></HEAD><BODY><P>@camkim_MDEA:</P><P></P><P>yes. that looks like a valid way to evaluate this feature and when it is applicable.</P><P></P><P>-Benjamin</P></BODY></HTML> Fri, 30 Dec 2011 23:01:55 GMT https://live.paloaltonetworks.com/t5/general-topics/clarification-on-file-blocking-and-ssl/m-p/28757#M20991 bpappas 2011-12-30T23:01:55Z