https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-policy-for-all-https-traffic/m-p/11653#M8566 <HTML><HEAD></HEAD><BODY><P>Hello Sir,</P><P></P><P>If <SPAN class="GINGER_SOFTWARE_mark">i</SPAN> understand your requirement correctly, are you looking for an option to bypass Decryption policy. If so, there is a facility to negate source and destination address as mentioned below.</P><P></P><P><IMG alt="Decryption-policy.JPG.jpg" class="jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/12068_Decryption-policy.JPG.jpg" style="width: 620px; height: 349px;" /></P><P></P><P>Thanks</P></BODY></HTML> Tue, 11 Mar 2014 06:52:48 GMT HULK 2014-03-11T06:52:48Z https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-policy-for-all-https-traffic/m-p/11652#M8565 <HTML><HEAD></HEAD><BODY><P>Hi, </P><P></P><P>Is there a way to have a policy for the purpose of not decrypting all https traffic?</P><P>Thank you.</P></BODY></HTML> Mon, 10 Mar 2014 21:43:55 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-policy-for-all-https-traffic/m-p/11652#M8565 MMCiobanu 2014-03-10T21:43:55Z https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-policy-for-all-https-traffic/m-p/11653#M8566 <HTML><HEAD></HEAD><BODY><P>Hello Sir,</P><P></P><P>If <SPAN class="GINGER_SOFTWARE_mark">i</SPAN> understand your requirement correctly, are you looking for an option to bypass Decryption policy. If so, there is a facility to negate source and destination address as mentioned below.</P><P></P><P><IMG alt="Decryption-policy.JPG.jpg" class="jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/12068_Decryption-policy.JPG.jpg" style="width: 620px; height: 349px;" /></P><P></P><P>Thanks</P></BODY></HTML> Tue, 11 Mar 2014 06:52:48 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-policy-for-all-https-traffic/m-p/11653#M8566 HULK 2014-03-11T06:52:48Z https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-policy-for-all-https-traffic/m-p/11654#M8567 <HTML><HEAD></HEAD><BODY><P>What I would like is, to be able to NOT DECRYPT any web browsing traffic on port 443. </P><P>I have looked at creating a Decryption Policy Rule, but I don't have an option to add the application, it is only seem to be based on source and destination, as well as URL category.</P></BODY></HTML> Tue, 11 Mar 2014 17:04:13 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-policy-for-all-https-traffic/m-p/11654#M8567 MMCiobanu 2014-03-11T17:04:13Z https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-policy-for-all-https-traffic/m-p/11655#M8568 <HTML><HEAD></HEAD><BODY><P>That's the problem... the application _IS_ SSL until you decrypt it.&nbsp; You must decrypt it in order to see what is inside.&nbsp; </P></BODY></HTML> Tue, 11 Mar 2014 17:07:08 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-decryption-policy-for-all-https-traffic/m-p/11655#M8568 jvalentine 2014-03-11T17:07:08Z