SMTP Inbound Decryption

Reply
L2 Linker

SMTP Inbound Decryption

We have decyption turned on for inbound smtp trafffic. It is only decrpyting a portion of the encypted traffic.  I have an open ticket with support but still working through it but I wanted to check to see if anyone else is experiencing issues. I do not believe it is something misconfigured on the firewall as it decrpyts as expected sometimes.

 

This is preventing wildfire, custom signatures, virus signature, etc kicking in when the encrypted emails are not decrypted.

 

Here is a screenshot of the decryption profile:

 

 

Capture_decrypt.PNG

 

In an example the host headers of the email which was not decrypted I can see the message was sent with the follwoing encyption:

 

(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO)

 Has anyone expericenced smtp decryption not working?

Community Team Member

Re: SMTP Inbound Decryption

Hi @clewis1,

 

I'm guessing you are using a PAN-OS version older than 7.1.

 

The cipher you put as an example wasn't supported until PAN-OS 7.1 : 

https://live.paloaltonetworks.com/t5/PAN-OS-7-1-Articles/PAN-OS-7-1-Supported-ciphers/ta-p/71969

 

Cheers !

-Kim

L2 Linker

Re: SMTP Inbound Decryption

kiwi

 

Well I think this solves it for me as we are currently at 7.0.5h2.

 

Thanks for the quick reply.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!