SSL-decryption slow

L4 Transporter

SSL-decryption slow

Hello,

So I have tested SSL decryption today, and I made it work. But for some reason some of the webpages that are being decrypted are extremely slow. Facebook and even support.paloaltonetworks.com are two of them.

I exported a CA certificate from our AD and imported it into the PA as described in a document I found on the knowledgebase.

Look at the attached file for my configuration.

One more thing that is not working is the "block" page when I try to download the eicar test virus file via https.

I can see in the monitor/threat that the file is being blocked but I do not get the block page. It works if I open the eicar virus file via http.

Any suggestions on what the problem can be?

This is a PA-500 with sw version 4.0.3.

Jo Christian

Not applicable

Re: SSL-decryption slow

Hi,

I have a similar install to yours, but I don't put URL category filters in decrypt rules (I left it at 'Any') and it works like a charm.

Also, are you using some user identification? Maybe with a captive portal?

L1 Bithead

Re: SSL-decryption slow

@lardsa

I also have a similar setup to yourself, but I've found that SSL decryption can be very slow on some websites, including the PAN support portal. I've had to put a rule in to not decrypt the affected websites and the performance then returns.

Can anyone from PAN explain why these performance issues are happening and what else (other than not to decrypt them) can be done to fix it?

I've used other web scanning products with SSL decryption and I've not experienced this sort of performance issue before.

L4 Transporter

Re: SSL-decryption slow

@lardsa

Yes I have tried setting the categories filter to "Any", but it's still a problem.
How does your setup work against https://facebook.com? It takes minutes for my setup to open it up when SSL decrypt is enabled.

Yes we use user identification (but not captive portal).

Jo Christian

Not applicable

Re: SSL-decryption slow

The only website that shows slowness for my users with decryption enabled is Google Mail and only with Chrome (IE & Firefox are ok).

I have a support ticket opened for that.

L4 Transporter

Re: SSL-decryption slow

Ok,

So I tested with IE and things seem to be a bit smoother. I always use Chrome.

But what can be the reason for this?

Btw does the block page work for you when trying to open https://secure.eicar.org/eicar_com.zip ?

If antivirus profile is enabled. I see in the log that the file is blocked but I don't get the webpage.

Chrome just hangs trying to load the "page/file".

It works as it should if I try to download the file when not using ssl/https.

Jo Christian

Not applicable

Re: SSL-decryption slow

OK, I confirm the block page is not appearing, while it does on the non-SSL one.

Not applicable

Re: SSL-decryption slow

Did you retry since 4.0.4 was released? It has some SSL fixes in the release notes ...

L1 Bithead

Re: SSL-decryption slow

Any news about this issue?

The block page didn't display when trying to access https webpages.

ex.

http://www.facebook.com --> Block page is displaying

https://www.facebook.com --> No block page is displaying

I'm using version 4.1.4

L3 Networker

Re: SSL-decryption slow

I have the no block page on ssl issue as well
4.0.9 - 4020
