I recently implemented an SSL Decryption Rule to decrypt SSL traffic between my users and a particular destination so I can apply a Data Filtering Rule to it.
Everything appears to be working except that it seems like the User Identification piece is not working.
User Identification appears to be working for everything else except my decrypted SSL Traffic.
Any reason why this is happening? Is the user ID info somehow getting lost in the decryption/re-encryption process?
I am running PAN-OS 4.0.9.
I am implementing an ssl-forward-proxy rule along with a data filtering rule to detect credit card data (default).
Let me know if there is anything I need to do to get this working.
How is your userid stuff set up, and is it possible for you to update to 4.1.3 or whichever version is currently the latest for both PANOS and the userid agent?
User-id should be able to map a particular IP address to a user based on either PAN-agent or LDAP user-id agents. So long as we map a user to an IP it should not matter if the traffic is encrypted traffic or not. It should match by IP. Would be good to know which log you are looking at to see user info. Traffic logs should show the source user. Does other traffic from that IP show the correct user in the traffic logs?
I have upgraded paloalto 2050 from ver. 4.0.5 to 4.0.9. After the upgrade, SSL Decryption rule was working with user identification without problem.
After a while, SSL decryption rule has stopped working. There is no change any way.
I have restarted the paloalto and the problem has resolved!