https://live.paloaltonetworks.com/t5/general-topics/best-practise-for-tap-mode/m-p/190302#M57480 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/73785">@hamza_ineos</a></P> <P>&nbsp;</P> <P>1. you will want to set a policy from tap to tap, allow</P> <P>This will ensure you allow all the packets to be received and APP-ID and scanning to take place on all the received sessions (if you select drop you will only see discarded packets with no further context)</P> <P>&nbsp;</P> <P>2. decryption will only work for inbound connections since you are not able to insert te firewall into the stream (for inbound connections you can import the server certificate and will know the private key)</P> <P>&nbsp;</P> <P>3. make sure you have all the security profiles enabled (best is to create all new profiles that mimic strict enforcement), and set all the desirable URL categories to 'alert' (as allow does not log). If you have a WildFire License fdon't forget to enable WildFire profiles in the AntiVirus profile</P> Wed, 06 Dec 2017 10:38:00 GMT reaper 2017-12-06T10:38:00Z https://live.paloaltonetworks.com/t5/general-topics/best-practise-for-tap-mode/m-p/190057#M57430 <P>Hello Brothers,</P><P>&nbsp;</P><P>Plz i want make a POC with one of our clients, but i need to know what's th best practise for putting the PaloAlto in TAP mode !!</P><P>i mean:</P><P>1-what's the rule policy that i must create ?? must enable all security profile ?</P><P>2-must make dycryption rule ?</P><P>3-Wich elements i must focus on for the best practise and give the best report to the client ??</P><P>&nbsp;</P><P>Plz help</P><P><FONT color="#FF0000">NB:(technicaly i can deploy PA on TAP mode with no problem)</FONT></P><P>&nbsp;</P><P><FONT color="#000000">Thanks</FONT></P> Tue, 05 Dec 2017 11:06:05 GMT https://live.paloaltonetworks.com/t5/general-topics/best-practise-for-tap-mode/m-p/190057#M57430 hamza_ineos 2017-12-05T11:06:05Z https://live.paloaltonetworks.com/t5/general-topics/best-practise-for-tap-mode/m-p/190302#M57480 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/73785">@hamza_ineos</a></P> <P>&nbsp;</P> <P>1. you will want to set a policy from tap to tap, allow</P> <P>This will ensure you allow all the packets to be received and APP-ID and scanning to take place on all the received sessions (if you select drop you will only see discarded packets with no further context)</P> <P>&nbsp;</P> <P>2. decryption will only work for inbound connections since you are not able to insert te firewall into the stream (for inbound connections you can import the server certificate and will know the private key)</P> <P>&nbsp;</P> <P>3. make sure you have all the security profiles enabled (best is to create all new profiles that mimic strict enforcement), and set all the desirable URL categories to 'alert' (as allow does not log). If you have a WildFire License fdon't forget to enable WildFire profiles in the AntiVirus profile</P> Wed, 06 Dec 2017 10:38:00 GMT https://live.paloaltonetworks.com/t5/general-topics/best-practise-for-tap-mode/m-p/190302#M57480 reaper 2017-12-06T10:38:00Z https://live.paloaltonetworks.com/t5/general-topics/best-practise-for-tap-mode/m-p/190309#M57481 <P>thanks for very much brother</P><P>ok also i need to know plz, after this POC, what's the very important things that i must looking at and talking about it with client in report side for exemple ??</P> Wed, 06 Dec 2017 11:12:47 GMT https://live.paloaltonetworks.com/t5/general-topics/best-practise-for-tap-mode/m-p/190309#M57481 hamza_ineos 2017-12-06T11:12:47Z https://live.paloaltonetworks.com/t5/general-topics/best-practise-for-tap-mode/m-p/190313#M57482 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/73785">@hamza_ineos</a></P> <P>&nbsp;</P> <P>do you know how to run the Security Lifecycle Review?&nbsp;<STRONG><A href="https://riskreport.paloaltonetworks.com/SLR" target="_blank" rel="nofollow noopener noreferrer">https://riskreport.paloaltonetworks.com/SLR</A>&nbsp;</STRONG></P> <P>This will outline the most notable information found in your logs</P> <P>&nbsp;</P> <P>You may want to reach out to your local sales team for assistance how to 'bring' this information to your customer most efficiently</P> Wed, 06 Dec 2017 11:55:47 GMT https://live.paloaltonetworks.com/t5/general-topics/best-practise-for-tap-mode/m-p/190313#M57482 reaper 2017-12-06T11:55:47Z https://live.paloaltonetworks.com/t5/general-topics/best-practise-for-tap-mode/m-p/190314#M57483 <P>ok thanks very much brother <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Wed, 06 Dec 2017 11:36:40 GMT https://live.paloaltonetworks.com/t5/general-topics/best-practise-for-tap-mode/m-p/190314#M57483 hamza_ineos 2017-12-06T11:36:40Z