https://live.paloaltonetworks.com/t5/general-topics/application-web-browsing-blocked-using-ssl-decryption/m-p/32312#M23691 <HTML><HEAD></HEAD><BODY><P>Yes, because when you're decrypting a SSL session to expose the underlying application. To the firewall, it will look like web-browsing over port 443. </P></BODY></HTML> Fri, 08 Mar 2013 14:19:34 GMT mharding 2013-03-08T14:19:34Z https://live.paloaltonetworks.com/t5/general-topics/application-web-browsing-blocked-using-ssl-decryption/m-p/32311#M23690 <HTML><HEAD></HEAD><BODY><P>I've defined a simple rule for acces to a ssl-crypted website using application filtering.</P><P>Also all ssl-crypted access to that site will be decrypted.</P><P>The running Software ist PanOS 5.02.</P><P></P><P>When I define a rule for access to that destination and leave the service in "application-default"</P><P>The access wil be blocked an I get two entries in my LOG-File:</P><P>1. start&nbsp;&nbsp;&nbsp;&nbsp; &lt;src&gt; &lt;dst&gt; &lt;src_port&gt; &lt;dst_port: 443&gt; &lt;application: ssl&gt; </P><P>2. deny&nbsp;&nbsp;&nbsp; &lt;src&gt; &lt;dst&gt; &lt;src_port&gt; &lt;dst_port: 443&gt; &lt;application: web-browsing&gt;</P><P></P><P><IMG alt="rule.JPG" class="jive-image-thumbnail jive-image" height="110" src="https://live.paloaltonetworks.com/legacyfs/online/5921_rule.JPG" width="625" /></P><P></P><P>When I change the service from "application" to: "service-https" (port 443) the communication works.</P><P></P><P><IMG alt="rule2.JPG" class="jive-image-thumbnail jive-image" height="78" src="https://live.paloaltonetworks.com/legacyfs/online/5922_rule2.JPG" width="618" /></P><P></P><P>Is that a desired behavior of PaloAlto Firewall?</P><P></P><P>Sincerly Rainer</P></BODY></HTML> Fri, 08 Mar 2013 14:15:59 GMT https://live.paloaltonetworks.com/t5/general-topics/application-web-browsing-blocked-using-ssl-decryption/m-p/32311#M23690 rainer.kranz@sab.sachsen.de 2013-03-08T14:15:59Z https://live.paloaltonetworks.com/t5/general-topics/application-web-browsing-blocked-using-ssl-decryption/m-p/32312#M23691 <HTML><HEAD></HEAD><BODY><P>Yes, because when you're decrypting a SSL session to expose the underlying application. To the firewall, it will look like web-browsing over port 443. </P></BODY></HTML> Fri, 08 Mar 2013 14:19:34 GMT https://live.paloaltonetworks.com/t5/general-topics/application-web-browsing-blocked-using-ssl-decryption/m-p/32312#M23691 mharding 2013-03-08T14:19:34Z https://live.paloaltonetworks.com/t5/general-topics/application-web-browsing-blocked-using-ssl-decryption/m-p/32313#M23692 <HTML><HEAD></HEAD><BODY><P>Which would mean that you can remove the appid:ssl from your second example (only allowing web-browsing or whatever is detected within the ssl-session).</P></BODY></HTML> Sat, 09 Mar 2013 08:35:05 GMT https://live.paloaltonetworks.com/t5/general-topics/application-web-browsing-blocked-using-ssl-decryption/m-p/32313#M23692 mikand 2013-03-09T08:35:05Z