SSL Forward Proxy Decrypt Performance Experiences on 5060

L1 Bithead

SSL Forward Proxy Decrypt Performance Experiences on 5060



My company is planning to migrate from an inhouse MS shop to a Office365 based one. We will be using Ofiice365 to provide access to applications like email, LYNC, and Sharepoint. In order to enforce internal security policy, I need to decrypt all of the connections that originate internally to Office365. The decryption is needed for the obvious security and threat inspection of egress/ingress traffic to Office365.


I am looking for some feedback with regards to performance hits with using a PAN5060. The SSL decrypt requirements are for 5000 subscribers and all of the Office365 based traffic URL's needed to be decrypted.


Any feedback or real life performance experience utilizing the above requirements on a 5060 firewall would be greatly appreciated.


Thanks in advance,


Tags (2)
L7 Applicator

Re: SSL Forward Proxy Decrypt Performance Experiences on 5060

Hello Jaime,

I know for a fact that Lync/Skype break with SSL and they have to be exempt. There are other things such as MS-Updates that break during decryption.


Not sure about the rest of O365, but I think you might not be able to do what you have been asked with.



Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!