https://live.paloaltonetworks.com/t5/general-topics/decryption-policy-blocking-things-such-as-facebook/m-p/32738#M23983 <HTML><HEAD></HEAD><BODY><P><SPAN>We recently discovered that due to Facebook now being </SPAN><A class="jive-link-external-small" href="https://" rel="nofollow">https://</A><SPAN> that my users can get out to Facebook when using Internet Explorer.&nbsp; This actually cause quite an issue due to a bug also getting in. </SPAN></P><P></P><P>How do I configure the decryption policy to get in to the session and block the traffic?&nbsp; From what I'm reading I have to configure this to block https sites?&nbsp; </P><P></P><P>Any assistance or advice would be greatly appreciated.</P><P></P><P>Thank you </P></BODY></HTML> Wed, 24 Sep 2014 14:04:14 GMT kaysun 2014-09-24T14:04:14Z https://live.paloaltonetworks.com/t5/general-topics/decryption-policy-blocking-things-such-as-facebook/m-p/32738#M23983 <HTML><HEAD></HEAD><BODY><P><SPAN>We recently discovered that due to Facebook now being </SPAN><A class="jive-link-external-small" href="https://" rel="nofollow">https://</A><SPAN> that my users can get out to Facebook when using Internet Explorer.&nbsp; This actually cause quite an issue due to a bug also getting in. </SPAN></P><P></P><P>How do I configure the decryption policy to get in to the session and block the traffic?&nbsp; From what I'm reading I have to configure this to block https sites?&nbsp; </P><P></P><P>Any assistance or advice would be greatly appreciated.</P><P></P><P>Thank you </P></BODY></HTML> Wed, 24 Sep 2014 14:04:14 GMT https://live.paloaltonetworks.com/t5/general-topics/decryption-policy-blocking-things-such-as-facebook/m-p/32738#M23983 kaysun 2014-09-24T14:04:14Z https://live.paloaltonetworks.com/t5/general-topics/decryption-policy-blocking-things-such-as-facebook/m-p/32739#M23984 <HTML><HEAD></HEAD><BODY><P>Hi Kaysun,</P><P></P><P>Following document will help you to configure SSL decryption.</P><P><A href="https://live.paloaltonetworks.com/docs/DOC-1412">How to Implement SSL Decryption</A></P><P></P><P>Let me know for any query.</P><P></P><P>Regards,</P><P>Hardik Shah</P></BODY></HTML> Wed, 24 Sep 2014 14:06:21 GMT https://live.paloaltonetworks.com/t5/general-topics/decryption-policy-blocking-things-such-as-facebook/m-p/32739#M23984 hshah 2014-09-24T14:06:21Z https://live.paloaltonetworks.com/t5/general-topics/decryption-policy-blocking-things-such-as-facebook/m-p/32740#M23985 <HTML><HEAD></HEAD><BODY><P>Hello <STRONG style="font-size: 12px; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; color: #3b3b3b;"><A _jive_internal="true" class="jiveTT-hover-user jive-username-link" data-avatarid="-1" data-externalid="" data-presence="null" data-userid="4858" data-username="kaysun" href="https://live.paloaltonetworks.com/people/kaysun" style="padding: 0 3px 0 0; font-weight: inherit; font-style: inherit; font-size: 1.1em; font-family: inherit; color: #006595;"><SPAN class="GINGER_SOFTWARE_mark">kaysun</SPAN></A><SPAN style="padding: 0px 3px 0px 0px; font-weight: inherit; font-style: inherit; font-size: 1.1em; font-family: inherit; color: #006595;">,</SPAN></STRONG></P><P></P><P>1. PAN is having app-ID for <SPAN class="GINGER_SOFTWARE_mark">facebook</SPAN>. Hence, you can block <SPAN class="GINGER_SOFTWARE_mark">facebook</SPAN> through a deny rule, without having SSL decryption in place. <SPAN class="GINGER_SOFTWARE_mark">we</SPAN> have multiple application-ID for <SPAN class="GINGER_SOFTWARE_mark">facebook</SPAN> to have more granular control.</P><P></P><P><IMG alt="facebook-app.jpg" class="image-0 jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/15734_facebook-app.jpg" style="height: 100px; width: 620px;" /></P><P></P><P>2. In general, for HTTPS (SSL) connection, PAN will not be able to verify the content of the packet. Hence, you may use the certificate name <SPAN class="GINGER_SOFTWARE_mark">( </SPAN>through URL filtering) to control that traffic. </P><P></P><P>Hope this helps.</P><P></P><P>Thanks</P></BODY></HTML> Wed, 24 Sep 2014 14:23:33 GMT https://live.paloaltonetworks.com/t5/general-topics/decryption-policy-blocking-things-such-as-facebook/m-p/32740#M23985 HULK 2014-09-24T14:23:33Z