topic Inbound SSL Decryption in General Topics https://live.paloaltonetworks.com/t5/general-topics/inbound-ssl-decryption/m-p/218907#M63249 <P>Hi,</P><P>&nbsp;</P><P>I have two questions for folks</P><P>&nbsp;</P><P>1) I have setup Inbound SSL decryption as outlined in the documentation&nbsp; (Import Server Certificate, Create Decryption Policy, Create Decryption Profile), and expected that when I looked at my traffic log to the server in question, I would see the decrypted flag set.&nbsp; However, my entry doesn't list it. How should I be validating that my decryption policy is working?</P><P>&nbsp;</P><P>2) If a web server is set up with HTTP redirect to HTTPS, and an incoming traffic comes into the firewall originally as HTTP, will a decryption policy still be applied, or does the redirect happen on the backend (server side) bypass the decryption policy in some way?</P><P>&nbsp;</P><P>Thanks for any help.</P><P>&nbsp;</P> Fri, 22 Jun 2018 15:15:04 GMT sgoethals 2018-06-22T15:15:04Z Inbound SSL Decryption https://live.paloaltonetworks.com/t5/general-topics/inbound-ssl-decryption/m-p/218907#M63249 <P>Hi,</P><P>&nbsp;</P><P>I have two questions for folks</P><P>&nbsp;</P><P>1) I have setup Inbound SSL decryption as outlined in the documentation&nbsp; (Import Server Certificate, Create Decryption Policy, Create Decryption Profile), and expected that when I looked at my traffic log to the server in question, I would see the decrypted flag set.&nbsp; However, my entry doesn't list it. How should I be validating that my decryption policy is working?</P><P>&nbsp;</P><P>2) If a web server is set up with HTTP redirect to HTTPS, and an incoming traffic comes into the firewall originally as HTTP, will a decryption policy still be applied, or does the redirect happen on the backend (server side) bypass the decryption policy in some way?</P><P>&nbsp;</P><P>Thanks for any help.</P><P>&nbsp;</P> Fri, 22 Jun 2018 15:15:04 GMT https://live.paloaltonetworks.com/t5/general-topics/inbound-ssl-decryption/m-p/218907#M63249 sgoethals 2018-06-22T15:15:04Z Re: Inbound SSL Decryption https://live.paloaltonetworks.com/t5/general-topics/inbound-ssl-decryption/m-p/218946#M63255 <P>Hello,</P><P>I usually test phone a system not internal to my network, i.e. laptop on hotspot, cell phone etc. If it redirects, it should still hit the decryption policy since it will change from&nbsp;web-browsing to ssl traffic. I would say double check your setup and on the cert make sure you imprted the private key as well.</P><P>&nbsp;</P><P>Regards,</P> Fri, 22 Jun 2018 17:37:34 GMT https://live.paloaltonetworks.com/t5/general-topics/inbound-ssl-decryption/m-p/218946#M63255 OtakarKlier 2018-06-22T17:37:34Z