https://live.paloaltonetworks.com/t5/general-topics/url-block-continue-on-ssl-doesn-t-continue-page-just-refreshes/m-p/366976#M88778 <P>Hello</P> <P>&nbsp;</P> <P>The idea of creating certificates locally in order to server up a response page without decryption, is a hit and miss, based on how the individual website is seen/received by the PANW FW.</P> <P>&nbsp;</P> <P>My question is surrounding why you would not start to implement decryption for Internet based traffic.</P> <P>Is there a question/concern that prevents you from want to implement it.</P> <P>About 80% of websites are SSL encrypted, that means AV, spyware, and vulnerabilities, ransomeware can enter your network, because you are not decrypting.</P> <P>Your users can/probably are exfiltrating data out of the network, providing loss of intellectual property, credit card, PII, etc.</P> <P>&nbsp;</P> <P>It is recommended that ALL companies start to deploy certs and roll them out to their users.</P> <P>You have already done a large amount of work already... just need to get the certs from the FW (or the root CA) deployed to your users.&nbsp;&nbsp;&nbsp;&nbsp;</P> <P>&nbsp;</P> <P>Is there hesitations, and how can we in Live, assist you and your company through making these very important modifications to your configuration?</P> Thu, 03 Dec 2020 01:37:17 GMT S.Cantwell 2020-12-03T01:37:17Z https://live.paloaltonetworks.com/t5/general-topics/url-block-continue-on-ssl-doesn-t-continue-page-just-refreshes/m-p/346464#M86520 <P>I have a "continue" policy set on newly registered domains category.&nbsp; If I visit a site with https I see the continue page but upon clicking continue the block page just refreshes (the guid in the address bar changes).&nbsp;&nbsp;</P><P>&nbsp;</P><P>If I visit the site without SSL, the block page appears, and clicking continue will correctly take me to the site.</P><P>&nbsp;</P><P>What have I misconfigured?&nbsp; I do not have SSL Decryption set up in general and did follow the KB article "How to Serve a URL Response Page Over an HTTPS Session Without SSL Decryption" and I am not getting any sort of cert error.</P> Wed, 02 Sep 2020 19:49:58 GMT https://live.paloaltonetworks.com/t5/general-topics/url-block-continue-on-ssl-doesn-t-continue-page-just-refreshes/m-p/346464#M86520 cenders 2020-09-02T19:49:58Z https://live.paloaltonetworks.com/t5/general-topics/url-block-continue-on-ssl-doesn-t-continue-page-just-refreshes/m-p/366976#M88778 <P>Hello</P> <P>&nbsp;</P> <P>The idea of creating certificates locally in order to server up a response page without decryption, is a hit and miss, based on how the individual website is seen/received by the PANW FW.</P> <P>&nbsp;</P> <P>My question is surrounding why you would not start to implement decryption for Internet based traffic.</P> <P>Is there a question/concern that prevents you from want to implement it.</P> <P>About 80% of websites are SSL encrypted, that means AV, spyware, and vulnerabilities, ransomeware can enter your network, because you are not decrypting.</P> <P>Your users can/probably are exfiltrating data out of the network, providing loss of intellectual property, credit card, PII, etc.</P> <P>&nbsp;</P> <P>It is recommended that ALL companies start to deploy certs and roll them out to their users.</P> <P>You have already done a large amount of work already... just need to get the certs from the FW (or the root CA) deployed to your users.&nbsp;&nbsp;&nbsp;&nbsp;</P> <P>&nbsp;</P> <P>Is there hesitations, and how can we in Live, assist you and your company through making these very important modifications to your configuration?</P> Thu, 03 Dec 2020 01:37:17 GMT https://live.paloaltonetworks.com/t5/general-topics/url-block-continue-on-ssl-doesn-t-continue-page-just-refreshes/m-p/366976#M88778 S.Cantwell 2020-12-03T01:37:17Z