topic Server Response Inspection for HTTPS/VPN/Encrypted Protocols in General Topics https://live.paloaltonetworks.com/t5/general-topics/server-response-inspection-for-https-vpn-encrypted-protocols/m-p/259601#M73594 <P>Hello,</P><P>&nbsp;</P><P>we are experiencing slow/failed downloads and slow/failed file transfers over protocols like HTTPS, SSL, VPN.</P><P>&nbsp;</P><P>like to hear some opinion regarding "Disable Server Response Inspection", does PAN actually inspect encrypted sessions even though there is no SSL Decryption configured?</P><P>&nbsp;</P><P>For DSRI, usual deployments are Inbound traffic toward Public Facing server as per the documentation for trusted servers.</P><P>&nbsp;</P><P>Since there is no SSL decryption configured, would it be better to check the option "DSRI" for encrypted protocols such as HTTPS / SSL??</P><P>&nbsp;</P><P>Thanks.</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 02 May 2019 11:55:51 GMT williamhakai 2019-05-02T11:55:51Z Server Response Inspection for HTTPS/VPN/Encrypted Protocols https://live.paloaltonetworks.com/t5/general-topics/server-response-inspection-for-https-vpn-encrypted-protocols/m-p/259601#M73594 <P>Hello,</P><P>&nbsp;</P><P>we are experiencing slow/failed downloads and slow/failed file transfers over protocols like HTTPS, SSL, VPN.</P><P>&nbsp;</P><P>like to hear some opinion regarding "Disable Server Response Inspection", does PAN actually inspect encrypted sessions even though there is no SSL Decryption configured?</P><P>&nbsp;</P><P>For DSRI, usual deployments are Inbound traffic toward Public Facing server as per the documentation for trusted servers.</P><P>&nbsp;</P><P>Since there is no SSL decryption configured, would it be better to check the option "DSRI" for encrypted protocols such as HTTPS / SSL??</P><P>&nbsp;</P><P>Thanks.</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 02 May 2019 11:55:51 GMT https://live.paloaltonetworks.com/t5/general-topics/server-response-inspection-for-https-vpn-encrypted-protocols/m-p/259601#M73594 williamhakai 2019-05-02T11:55:51Z Re: Server Response Inspection for HTTPS/VPN/Encrypted Protocols https://live.paloaltonetworks.com/t5/general-topics/server-response-inspection-for-https-vpn-encrypted-protocols/m-p/259619#M73597 <P>if thewre is no ssl decryption, there will be minimal inspection so DISR my not have the desired effect</P> <P>have you checked if there's many renegotiation/handshakes taking place, or possibly fragmentation/duplicate packets at the TCP layer?</P> Thu, 02 May 2019 13:06:21 GMT https://live.paloaltonetworks.com/t5/general-topics/server-response-inspection-for-https-vpn-encrypted-protocols/m-p/259619#M73597 reaper 2019-05-02T13:06:21Z