https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-without-url-filtering-license/m-p/253270#M71940 <P>Hello</P><P>&nbsp;</P><P>I plan to put in place a SSL decryption rule to decrypt ssl traffic (SSL forward proxy). But I don't want decrypt traffic for several categories of website such as financial (bank website). I haven't the URL filtering license. I create a first rule "Do not decrypt" where I specify "Financial-services" in the URL category but when I test and reach a bank website, the certificate has been replaced by the certificate confiuged for decryption. Is-it because I haven't the URL filtering licenses ? And if I create on PA an URL category "Do-not-decrypt" with bank website used for the test and add this custom category in the rule "Do not decrypt", the website is not decrypted.&nbsp;</P><P>&nbsp;</P><P>Do you know where I can find a list of bank site to be imported in the URL category created ?</P><P>&nbsp;</P><P>BR</P><P>&nbsp;</P> Tue, 12 Mar 2019 09:02:33 GMT CARRIERJerome 2019-03-12T09:02:33Z https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-without-url-filtering-license/m-p/253270#M71940 <P>Hello</P><P>&nbsp;</P><P>I plan to put in place a SSL decryption rule to decrypt ssl traffic (SSL forward proxy). But I don't want decrypt traffic for several categories of website such as financial (bank website). I haven't the URL filtering license. I create a first rule "Do not decrypt" where I specify "Financial-services" in the URL category but when I test and reach a bank website, the certificate has been replaced by the certificate confiuged for decryption. Is-it because I haven't the URL filtering licenses ? And if I create on PA an URL category "Do-not-decrypt" with bank website used for the test and add this custom category in the rule "Do not decrypt", the website is not decrypted.&nbsp;</P><P>&nbsp;</P><P>Do you know where I can find a list of bank site to be imported in the URL category created ?</P><P>&nbsp;</P><P>BR</P><P>&nbsp;</P> Tue, 12 Mar 2019 09:02:33 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-without-url-filtering-license/m-p/253270#M71940 CARRIERJerome 2019-03-12T09:02:33Z https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-without-url-filtering-license/m-p/253528#M71977 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/84878">@CARRIERJerome</a>&nbsp;</P><P>&nbsp;</P><P>First, I am not a paloalto employee but this sounds like you should buy the URL filtering license ... or why don't you us the decryption opt-out response page to inform the users about the decryption and maybe also **bleep** should reach out to you when the access a banking website that is decrypted?</P><P>In general, I assume it could be difficult to find a list as keeping this list current is not that easy (which is why companys want you to pay money for this service <span class="lia-unicode-emoji" title=":face_with_tongue:">😛</span>&nbsp; )</P><P>... or you simply start creating your own list <span class="lia-unicode-emoji" title=":winking_face:">😉</span></P> Wed, 13 Mar 2019 00:07:21 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-without-url-filtering-license/m-p/253528#M71977 Remo 2019-03-13T00:07:21Z https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-without-url-filtering-license/m-p/253533#M71979 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/84878">@CARRIERJerome</a>&nbsp;,</P><P>Agreed with&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/16592">@Remo</a>, if you want to do something like this it would actually make more sense to actually purchase the URL Filtering license so you can actually get category updates.&nbsp;</P><P>FYI, I actually use the URL categories and manually maintain a list of some of the smaller banks that I know my end-users utilize to ensure that we aren't decrypting banking information if we can at all help it.&nbsp;</P> Wed, 13 Mar 2019 02:15:40 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-without-url-filtering-license/m-p/253533#M71979 BPry 2019-03-13T02:15:40Z