https://live.paloaltonetworks.com/t5/general-topics/firewall-working-as-proxy-for-mail-server/m-p/190055#M57428 <P>yes and no</P> <P>&nbsp;</P> <P>You can load the certificate on the firewall and use it for ssl decryption. The firewall will function as a man-in-the middle proxy and inspect all traffic for malware and threats, but it will still require the endpoint server to communicate using SSL: the firewall cannot terminate the ssl, only act as a middle man.</P> Tue, 05 Dec 2017 10:48:15 GMT reaper 2017-12-05T10:48:15Z https://live.paloaltonetworks.com/t5/general-topics/firewall-working-as-proxy-for-mail-server/m-p/189900#M57416 <P>I have customer using TMG holding public ssl certificate for mail . The mail server doesnt have ssl certifcate.</P><P>Customer wants to eliminate TMG and using palo. Can palo hold the cert to authenticate the ssl . Mail server</P><P>sits behind the palo in trust zone.</P><P>So customer will login to <A href="https://customer_mail.com" target="_blank">https://customer_mail.com</A>. which has public of the palo. Palo holds the cert for this domain,authenticates so customer doesnt get invalid cert . public ip is mapped to internal mail server.</P> Mon, 04 Dec 2017 19:06:50 GMT https://live.paloaltonetworks.com/t5/general-topics/firewall-working-as-proxy-for-mail-server/m-p/189900#M57416 inderjit21 2017-12-04T19:06:50Z https://live.paloaltonetworks.com/t5/general-topics/firewall-working-as-proxy-for-mail-server/m-p/190055#M57428 <P>yes and no</P> <P>&nbsp;</P> <P>You can load the certificate on the firewall and use it for ssl decryption. The firewall will function as a man-in-the middle proxy and inspect all traffic for malware and threats, but it will still require the endpoint server to communicate using SSL: the firewall cannot terminate the ssl, only act as a middle man.</P> Tue, 05 Dec 2017 10:48:15 GMT https://live.paloaltonetworks.com/t5/general-topics/firewall-working-as-proxy-for-mail-server/m-p/190055#M57428 reaper 2017-12-05T10:48:15Z