If a download service uses SSL and PAN has an App and file blocking capability, but under SSL Decryption, it is an exception (ala drobpox), are options are pretty limited, correct?
Solved! Go to Solution.
By default, we cannot inspect the contents inside of SSL and the file blocking feature will not apply since the traffic is encrypted. You can enable SSL Decryption whereby the PA device will participate in the SSL process and be able to inspect the SSL contents. File blocking, threat scanning, data filtering, etc will apply once the traffic has been decrypted.
So File-blocking is effective under the following conditions:
1) Is identified as an App
2) has file-blocking feature
3) If SSL is used, and is not on the following list https://live.paloaltonetworks.com/docs/DOC-1423.
Just want to get a very clear understanding before allowing download from specific services.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!