ssl decryption and policy deny

L4 Transporter

I have configured SSL decryption and a rule is there to allow the traffic.

It is hitting the right rule but the policy says denied?

What can be the reason for this?

 

Capture.PNG

L7 Applicator

Re: ssl decryption and policy deny

Hello,

Would you also be able to post the security policy rule that is supposed to allow the traffic? I see it's being decrypted but something is stopping it; maybe the policies are out of order? I see that the application is 'incomplete'; this could be because of an out-of-order deny policy or routing.

 

Is the traffic allowed if decryption is disabled?

 

Just some thoughts,

L7 Applicator

Re: ssl decryption and policy deny

@MP18

I am almost 100% certain that this is because of a decryption error

... https://live.paloaltonetworks.com/t5/General-Topics/Action-and-Session-End-Reason-conflict-when-SSL-...

L4 Transporter

Re: ssl decryption and policy deny

Yes, I added the screenshot of security policy rule number 24.

Yes, traffic is allowed.

What is an out-of-order policy?

Capture1.PNG

L7 Applicator

Re: ssl decryption and policy deny

Hello,

I was just thinking if you had a deny policy above the allow policy; doesn't look to be the case here. Check out the link that was posted, could be the issue.

 

Regards,

L4 Transporter

Re: ssl decryption and policy deny

Many thanks Remo for replying to the post.
