https://live.paloaltonetworks.com/t5/general-topics/pa-ssl-decryption-for-web-traffic-and-squid/m-p/175583#M55011 <P>Interesting, but I seem to get all that by doing it before. Plus I don't have the&nbsp;<SPAN>XFF value setup ..</SPAN></P><P>&nbsp;</P><P><SPAN>Alex</SPAN></P> Fri, 08 Sep 2017 07:42:20 GMT Alex_Samad 2017-09-08T07:42:20Z https://live.paloaltonetworks.com/t5/general-topics/pa-ssl-decryption-for-web-traffic-and-squid/m-p/175514#M54998 <P>Hi</P><P>&nbsp;</P><P>Where should I be doing the decryption</P><P>&nbsp;</P><P>client -&gt; pa (l3) -&gt; squid -&gt; internet</P><P>or</P><P>client -&gt; squid -&gt; pa (l3) -&gt; internet</P><P>&nbsp;</P><P>I thinking the first one, then I can also see who is making the request&nbsp;</P><P>&nbsp;</P><P>A</P> Thu, 07 Sep 2017 23:46:51 GMT https://live.paloaltonetworks.com/t5/general-topics/pa-ssl-decryption-for-web-traffic-and-squid/m-p/175514#M54998 Alex_Samad 2017-09-07T23:46:51Z https://live.paloaltonetworks.com/t5/general-topics/pa-ssl-decryption-for-web-traffic-and-squid/m-p/175563#M55005 <P>The problem with on the suggested solution is that palo then only sees http-proxy traffic and nothing else - no url logs and decryption isnt'possible this way.</P><P>So you have to use your second possibility.</P> Fri, 08 Sep 2017 05:03:24 GMT https://live.paloaltonetworks.com/t5/general-topics/pa-ssl-decryption-for-web-traffic-and-squid/m-p/175563#M55005 Remo 2017-09-08T05:03:24Z https://live.paloaltonetworks.com/t5/general-topics/pa-ssl-decryption-for-web-traffic-and-squid/m-p/175565#M55006 <P>Hi</P><P>&nbsp;</P><P>I'm already doing 1 but with out decrypt and it works fine, it looks into the info and knows its in tunnel mode.</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 08 Sep 2017 05:19:43 GMT https://live.paloaltonetworks.com/t5/general-topics/pa-ssl-decryption-for-web-traffic-and-squid/m-p/175565#M55006 Alex_Samad 2017-09-08T05:19:43Z https://live.paloaltonetworks.com/t5/general-topics/pa-ssl-decryption-for-web-traffic-and-squid/m-p/175573#M55007 <P>So you have url logs or only the app http-proxy in the traffic log with the username?</P> Fri, 08 Sep 2017 07:16:10 GMT https://live.paloaltonetworks.com/t5/general-topics/pa-ssl-decryption-for-web-traffic-and-squid/m-p/175573#M55007 Remo 2017-09-08T07:16:10Z https://live.paloaltonetworks.com/t5/general-topics/pa-ssl-decryption-for-web-traffic-and-squid/m-p/175574#M55008 <P>Hi</P><P>&nbsp;</P><P>With what i have right now, which is no decryption i see and can filter on application type so google-mail , facebook chat, it looks inside the traffic.</P><P>&nbsp;</P><P>My policy is basically</P><P>&nbsp;</P><P>any work ip -&gt; to my proxy server ip and port 3128 or 8080 as the service ports, with application set to general internat. I have had to add things as some sites are not under general internet.</P><P>&nbsp;</P><P>I can also who is the user logged into the client pc.</P><P>&nbsp;</P> Fri, 08 Sep 2017 07:19:57 GMT https://live.paloaltonetworks.com/t5/general-topics/pa-ssl-decryption-for-web-traffic-and-squid/m-p/175574#M55008 Alex_Samad 2017-09-08T07:19:57Z https://live.paloaltonetworks.com/t5/general-topics/pa-ssl-decryption-for-web-traffic-and-squid/m-p/175577#M55009 <P>Ok, in this case I have to thank you for teaching me something new.</P><P>&nbsp;</P><P>Till your post I thought the way to do this in combination with a proxy is&nbsp;</P><P>Client --&gt; proxy --&gt; palo</P><P>And then use the x-forwarded-for http header to identify the user on the firewall</P><P>&nbsp;</P><P>As described here:&nbsp;<A href="https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/policy/identify-users-connected-through-a-proxy-server" target="_blank">https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/policy/identify-users-connected-through-a-proxy-server</A></P> Fri, 08 Sep 2017 07:26:59 GMT https://live.paloaltonetworks.com/t5/general-topics/pa-ssl-decryption-for-web-traffic-and-squid/m-p/175577#M55009 Remo 2017-09-08T07:26:59Z https://live.paloaltonetworks.com/t5/general-topics/pa-ssl-decryption-for-web-traffic-and-squid/m-p/175583#M55011 <P>Interesting, but I seem to get all that by doing it before. Plus I don't have the&nbsp;<SPAN>XFF value setup ..</SPAN></P><P>&nbsp;</P><P><SPAN>Alex</SPAN></P> Fri, 08 Sep 2017 07:42:20 GMT https://live.paloaltonetworks.com/t5/general-topics/pa-ssl-decryption-for-web-traffic-and-squid/m-p/175583#M55011 Alex_Samad 2017-09-08T07:42:20Z https://live.paloaltonetworks.com/t5/general-topics/pa-ssl-decryption-for-web-traffic-and-squid/m-p/175773#M55050 <P>Hi Alex</P><P>&nbsp;</P><P>If you already have this setup, it should be pretty easy to test if this now also works with decryption (I am also interessted in your results, even if I don't like these traditional proxy servers <span class="lia-unicode-emoji" title=":face_with_tongue:">😛</span> &nbsp;)</P><P>&nbsp;</P><P>Edit: Removed sensless sentence</P><P>&nbsp;</P> Sun, 10 Sep 2017 07:07:58 GMT https://live.paloaltonetworks.com/t5/general-topics/pa-ssl-decryption-for-web-traffic-and-squid/m-p/175773#M55050 Remo 2017-09-10T07:07:58Z https://live.paloaltonetworks.com/t5/general-topics/pa-ssl-decryption-for-web-traffic-and-squid/m-p/175783#M55055 <P>I'm not running the proxies in transparent mode.</P><P>&nbsp;</P><P>and I want all traffic going to proxy for outbound traffic</P> Sun, 10 Sep 2017 02:15:55 GMT https://live.paloaltonetworks.com/t5/general-topics/pa-ssl-decryption-for-web-traffic-and-squid/m-p/175783#M55055 Alex_Samad 2017-09-10T02:15:55Z