topic SSL Decryption and Security profiles in General Topics

SSL Decryption and Security profiles

FWPalolearner — Mon, 18 Jan 2021 17:40:24 GMT

I have a question . Currently PA 3020 cluster we don't have ssl decryption enabled . We plan to do it in March

However , if we enable all other security features like AV,Antispyware File blocking , Vulnerabilty Protection , Wildfire etc , it wont be fully effective as all these Security profiles cant see what is going inside SSL unless we have SSL Decryption ?

Even URL filtering Profile wont be effective , for example there is restricted website but using https and we block the category , it wont be effective as we are not doing ssl decryption ?

Re: SSL Decryption and Security profiles

reaper — Mon, 18 Jan 2021 22:58:17 GMT

for malware that is absolutely right; as long as you're not ssl decrypting you wont be able to detect and block malware inside ssl encrypted traffic and many malware are starting to abuse that shortcoming and using ssl as transport

for url filtering, it depends: main categories you'll be able to filter as the certificate and SNI can be 'read' to ascertain the URL and apply a category, but any 'multi category' sites that split up once you dive deeper into the website won't trigger the appropriate subcategories without ssl decryption