A few days ago, I changed one of my client's F/W.
Everything was okay, but decryption wasn't working.
After a few tries, I found out what was causing the issue.
(I added a decryption profile and changed the policies (service: application-default -> any).)
But I don't know why I had to add the profile and change the service, so please let me know why that is necessary.
Here is the information:
Model : 3050
Version : 7.1.7
Model : 3260
Version : 8.1.7
Mode : L3
HA : A-P
Was decryption working prior to the HA change? If not, then the policies are incorrect because of decryption.
I.e., the firewall will detect SSL over tcp/443 and then decrypt it; the traffic is then reinspected and is determined to be web-browsing over tcp/443 instead of tcp/80, so it breaks unless you allow web-browsing over tcp/443.
Hope that helps.
I think I may see/understand your situation.
Prior to 9.x software, the PAN-OS software did not include secured ports in its App-ID.
When SSL:443 traffic is decrypted, the application becomes web-browsing:443 (the port does not change).
Because 443 is not app-default for web-browsing, it is no longer a match.
If the policy was app-default, then you would need to change web-browsing to allow 80, 8080, and 443, or change to service any.
Maybe this is your issue?
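The matching behaviour described in the replies above, as an added Python sketch that is not part of the original thread and is not PAN-OS code. It is a simplified model: the rule name, the function names and the default-port table (ssl on 443, web-browsing on 80, as stated in the thread for pre-9.x software) are assumptions for illustration.

```python
# Simplified model of security-policy matching before and after SSL decryption.
# Default ports below are assumptions taken from the thread (pre-9.x behaviour).
APP_DEFAULT_PORTS = {"ssl": {443}, "web-browsing": {80}}

def identified_app(is_tls, decrypted):
    """App seen by the policy: TLS stays 'ssl' unless the firewall decrypts it."""
    return "ssl" if is_tls and not decrypted else "web-browsing"

def rule_matches(rule, app, dport):
    """True when both the application and the service of the rule match."""
    if app not in rule["applications"]:
        return False
    service = rule["service"]
    if service == "any":
        return True
    if service == "application-default":
        # The port must be a default port of the *identified* application.
        return dport in APP_DEFAULT_PORTS[app]
    return dport in service  # explicit set of allowed ports

def evaluate(rules, dport, is_tls, decrypted):
    """Return (matched rule name or 'implicit-deny', identified application)."""
    app = identified_app(is_tls, decrypted)
    for rule in rules:
        if rule_matches(rule, app, dport):
            return rule["name"], app
    return "implicit-deny", app

def make_rule(service):
    # Constructed sample rule; the name is hypothetical.
    return {"name": "allow-web", "applications": {"ssl", "web-browsing"},
            "service": service}

ORIGINAL = [make_rule("application-default")]   # policy before the change
SERVICE_ANY = [make_rule("any")]                # fix the poster applied
EXPLICIT_PORTS = [make_rule({80, 8080, 443})]   # fix suggested in the reply

if __name__ == "__main__":
    cases = [("app-default, no decryption", ORIGINAL, False),
             ("app-default, decryption on", ORIGINAL, True),
             ("service any, decryption on", SERVICE_ANY, True),
             ("ports 80/8080/443, decryption on", EXPLICIT_PORTS, True)]
    for label, rules, decrypted in cases:
        print(label, "->", evaluate(rules, 443, True, decrypted))
```

Only the second case falls through to the implicit deny: the decrypted session is identified as web-browsing on 443, which is outside the default ports for that application.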