topic How to block a Specific `https` Site(internal DMZ) with URL Filtering in General Topics https://live.paloaltonetworks.com/t5/general-topics/how-to-block-a-specific-https-site-internal-dmz-with-url/m-p/158660#M51937 <P>Im new Paloalto FW and welcome any advice.</P><P>&nbsp;</P><P>I`ve applied&nbsp; url block a Specific web site(internal DMZ serverfarm) From Untrust access /w Paloalto pa3020/os 6. Exist system was `https ssl` decrypted. So, when I get into the site with `http`Its blocked with FireWall But when I get into the site with `https' Its not blocked. My question is How can I block `https` url with Pa3020/ os6? thx for reply!</P> Tue, 30 May 2017 01:27:09 GMT JoDW78 2017-05-30T01:27:09Z How to block a Specific `https` Site(internal DMZ) with URL Filtering https://live.paloaltonetworks.com/t5/general-topics/how-to-block-a-specific-https-site-internal-dmz-with-url/m-p/158660#M51937 <P>Im new Paloalto FW and welcome any advice.</P><P>&nbsp;</P><P>I`ve applied&nbsp; url block a Specific web site(internal DMZ serverfarm) From Untrust access /w Paloalto pa3020/os 6. Exist system was `https ssl` decrypted. So, when I get into the site with `http`Its blocked with FireWall But when I get into the site with `https' Its not blocked. My question is How can I block `https` url with Pa3020/ os6? thx for reply!</P> Tue, 30 May 2017 01:27:09 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-block-a-specific-https-site-internal-dmz-with-url/m-p/158660#M51937 JoDW78 2017-05-30T01:27:09Z Re: How to block a Specific `https` Site(internal DMZ) with URL Filtering https://live.paloaltonetworks.com/t5/general-topics/how-to-block-a-specific-https-site-internal-dmz-with-url/m-p/158661#M51938 <P>Welcome to community.</P><P>&nbsp;</P><P>If you want to decrypt traffic from Untrust towards server under your control then you have to export certificate together with private key out from web server and import it into firewall.</P><P>If you click on mag glass is Decrypted yes or no on those sessions?</P><P>If you don't decrypt then Palo will identify site based on website address on certificate as HTTP GET goes through firewall encrypted.</P><P>&nbsp;</P><P><A title="https://www.paloaltonetworks.com/documentation/60/pan-os/pan-os/decryption/configure-ssl-inbound-inspection" href="https://www.paloaltonetworks.com/documentation/60/pan-os/pan-os/decryption/configure-ssl-inbound-inspection" target="_blank">https://www.paloaltonetworks.com/documentation/60/pan-os/pan-os/decryption/configure-ssl-inbound-inspection</A></P> Tue, 30 May 2017 02:06:10 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-block-a-specific-https-site-internal-dmz-with-url/m-p/158661#M51938 Raido_Rattameister 2017-05-30T02:06:10Z