SSL decryption and Carbonite

Reply
L1 Bithead

SSL decryption and Carbonite

SSL decryption seems to interfere with Carbonite.  When the policy is enabled, the Carbonite client reports "waiting for connecton to carbonite pro backup server...".  I assume I could add a rule to not touch anything in category "online-personal-storage", but I'd rather not just guess until I get it right.

Has anyone had the same experience?

Thanks,

Todd

Highlighted
L0 Member

Re: SSL decryption and Carbonite

Hi,

as you know, applications use various degrees of SSL.

Some are not implemented to standards or use capabilities in the standards that are not compatible with Palo Alto Networks SSL decryption capability. In addition, SSL decryption cannot be used when servers require client certificates.

You have to avoid SSL decryption if:

• Server requires client certi

ficates

• Non-standard implementations of SSL used

• New certi

ficate authorities can’t be added to the client application

• Client software requires speci

fic server certificates

So, I suggest you to make an exception per Carbonite URLs or Dst IP Address/es.

Regards

L1 Bithead

Re: SSL decryption and Carbonite

That will work.  In case anyone stumbles onto this, I contacted Carbonite.  The IP addresses to exclude are:

38.97.103.128/26

38.111.3.192/26

38.97.75.1/25

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!