User Identification not working for Decrypted SSL Traffic / Data Filtering

Reply
Highlighted
Not applicable

User Identification not working for Decrypted SSL Traffic / Data Filtering

Hey Guys,

I recently implemented a SSL Decryption Rule to decrypt SSL traffic between my users and a particular destination so I can apply a Data Filtering Rule to it.

Everything appears to be working except that it seems like the User Identification piece is not working..

User Identification appears to be working for everything else except my decrypted SSL Traffic.

Any reason why this is happening? Is the user ID info somehow getting lost in the decryption/re-encryption process?

I am running PAN-OS 4.0.9.

I am implenenting a ssl-forward-proxy rule along with a data filtering rule to detect credit card data (default).

Let me know if there is anything I need to do to get this working.

Thanks.

B

L6 Presenter

Re: User Identification not working for Decrypted SSL Traffic / Data Filtering

How is your userid stuff setup and is it possible for you to update to 4.1.3 or which version is the currently latest for both PANOS and the userid agent?

L5 Sessionator

Re: User Identification not working for Decrypted SSL Traffic / Data Filtering

User-id should be able to map a particular IP address to a user based on either PAN-agent or LDAP user-id agents. So long as we map a user to an IP it should not matter if the traffic is encrypted traffic or not. It should match by IP. Would be good to know which log you are looking at to see user info. Traffic logs should show the source user. Does other traffic from that IP show correct user in the traffic logs?

-Richard

L0 Member

Re: User Identification not working for Decrypted SSL Traffic / Data Filtering

Hi,

I have upgraded paloalto 2050 from ver. 4.0.5 to 4.0.9. After the upgrade, SSL Decryption rule was working with user identification without problem.

After a while, SSL decryption rule has stoped working. There is no change any way.

I have restarted the paloalto and problem has resolved!

Okan.

L3 Networker

Re: User Identification not working for Decrypted SSL Traffic / Data Filtering

Did this issue come back or did the restart fix it permanently?

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!