by reaper, 08-09-2017 11:31 AM - edited 08-09-2017 11:36 AM
SSL decryption is a very strong tool in the hands of an administrator to protect the network and defend against malware. However, some web-based applications are set up in such a way that decryption is not possible or breaks the application (client certificates, exceptionally strong encryption, pinholing, ...), and you need to set up a no-decryption policy.
Excluding a URL category from decryption is easy enough, but what about a single application? At the time of writing, there is an outstanding Feature Request to be able to set applications to non-decrypt, so if you're looking for this particular feature, go ahead and reach out to your sales contact to add your vote to FR ID: 2946.
If you are good with a creative workaround leveraging the new log forwarding capabilities introduced in PAN-OS 8.0, community member @Ozamir was kind enough to share a workaround he put together to tackle an issue with a VPN appliance.