https://live.paloaltonetworks.com/t5/general-topics/unknown-tcp-for-exchange-2016-when-decrypted/m-p/255402#M72476 <P>Hi,</P><P>&nbsp;</P><P>I'm doing decryption for Exchange 2013 OWA web part and it was doing good - was seeing mostly applications like ms-exchange, activesync, outlook-web which makes sense.</P><P>Customer upgraded their infrastructure to Exchange 2016 and after trying to decryot that I'm getting a bunch of unknown-tcp traffic after decryption instead of ms-exchange and/or outlook-web. Even for full length sessions with bunch of traffic. Activesync still seems to be recognized normally. Due to that had to allow unknown-tcp traffic in security policy as well, which is not great, but still better then not decrypting at all.</P><P>&nbsp;</P><P>Decryption itself seems to be working fine, as there are no errors, same key was used on the new servers when migration was done.</P><P>&nbsp;</P><P>Have anyone seen similar results?</P> Fri, 29 Mar 2019 13:57:51 GMT nikoo 2019-03-29T13:57:51Z https://live.paloaltonetworks.com/t5/general-topics/unknown-tcp-for-exchange-2016-when-decrypted/m-p/255402#M72476 <P>Hi,</P><P>&nbsp;</P><P>I'm doing decryption for Exchange 2013 OWA web part and it was doing good - was seeing mostly applications like ms-exchange, activesync, outlook-web which makes sense.</P><P>Customer upgraded their infrastructure to Exchange 2016 and after trying to decryot that I'm getting a bunch of unknown-tcp traffic after decryption instead of ms-exchange and/or outlook-web. Even for full length sessions with bunch of traffic. Activesync still seems to be recognized normally. Due to that had to allow unknown-tcp traffic in security policy as well, which is not great, but still better then not decrypting at all.</P><P>&nbsp;</P><P>Decryption itself seems to be working fine, as there are no errors, same key was used on the new servers when migration was done.</P><P>&nbsp;</P><P>Have anyone seen similar results?</P> Fri, 29 Mar 2019 13:57:51 GMT https://live.paloaltonetworks.com/t5/general-topics/unknown-tcp-for-exchange-2016-when-decrypted/m-p/255402#M72476 nikoo 2019-03-29T13:57:51Z https://live.paloaltonetworks.com/t5/general-topics/unknown-tcp-for-exchange-2016-when-decrypted/m-p/255462#M72484 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/42773">@nikoo</a>,</P><P>I would guess that the app-ids simply haven't been expanded to fully support Exchange 2016 just yet. I would log a support case so they can verify that there isn't anything else going on and then raise the issue internally so the proper app-ids get expanded in a feature content update.&nbsp;</P> Fri, 29 Mar 2019 18:33:21 GMT https://live.paloaltonetworks.com/t5/general-topics/unknown-tcp-for-exchange-2016-when-decrypted/m-p/255462#M72484 BPry 2019-03-29T18:33:21Z https://live.paloaltonetworks.com/t5/general-topics/unknown-tcp-for-exchange-2016-when-decrypted/m-p/256572#M72796 <P>Indeed, that's why it is rather strange as I would guess the product is widely used and I would expect it to be recognized properly by this time.</P> Mon, 08 Apr 2019 11:11:47 GMT https://live.paloaltonetworks.com/t5/general-topics/unknown-tcp-for-exchange-2016-when-decrypted/m-p/256572#M72796 nikoo 2019-04-08T11:11:47Z