Panos 8 inbound ssl inspection

Alex_Samad — Sat, 21 Oct 2017 21:21:08 GMT

I have tried to turn this on and well...

My server site has server cert and 1 intermediary cert.

With decryption on it strips the int-ca from the reply ? I find that rather strange why it would do that.

So this makes any request to that site fail

Re: Panos 8 inbound ssl inspection

gwesson — Mon, 23 Oct 2017 17:33:47 GMT

When you do the import of the cert from your web server to the firewall, make sure you're combining the server cert with the intermediate CA. Here are some steps to do so:

https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Install-a-Chained-Certificate-Signed-by-a-Public-CA/ta-p/55523

Prior to PAN-OS 8.0, inbound inspection was completely passive. In 8.0, with ECC and DHE support it takes a more active role, so you need to import the full chain (not the root CA though).

Hope that helps!

topic Panos 8 inbound ssl inspection in General Topics

Panos 8 inbound ssl inspection

Re: Panos 8 inbound ssl inspection