SSL Decrypt Sites Being Blocked by Default Rule

Created On 09/26/18 13:55 PM - Last Modified 06/09/23 07:41 AM




Issue

All SSL-encrypted sites that the firewall is to decrypt are blocked by a default rule and do not hit the allow rule that precedes it.

 

Resolution

If a policy is set for the application "web-browsing" and the service is set to "application-default", SSL traffic will never hit the policy because it comes in on port 443. The default port for "web-browsing" is port 80. Even though the application is identified as "web-browsing", the port is not the default, so the traffic goes to the next matching policy. Setting the service to "any" in the allow rule resolves the issue.
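The matching behaviour described above, as an added example that is not part of the original article and is not PAN-OS code: a simplified first-match model in which the rule names, the port table and the `tcp-80-443` service are constructed for illustration. It goes one step beyond the article by also evaluating a service limited to ports 80 and 443, to show what "any" additionally admits.

```python
# Simplified model of first-match security policy evaluation (not PAN-OS code).
# Constructed data: the default-port table holds only what the article states.
APP_DEFAULT_PORTS = {"web-browsing": {80}}


def service_matches(service, app, dport):
    """Return True if the rule's service setting accepts this destination port."""
    if service == "any":
        return True
    if service == "application-default":
        return dport in APP_DEFAULT_PORTS.get(app, set())
    return dport in service  # explicit set of TCP ports (hypothetical service object)


def evaluate(rules, app, dport):
    """The first rule whose application and service both match decides the action."""
    for rule in rules:
        app_ok = rule["application"] in ("any", app)
        if app_ok and service_matches(rule["service"], app, dport):
            return rule["name"], rule["action"]
    return "no-match", "deny"


def rulebase(allow_service):
    """Allow rule for web-browsing followed by the default block rule (hypothetical names)."""
    return [
        {"name": "allow-web", "application": "web-browsing",
         "service": allow_service, "action": "allow"},
        {"name": "default-block", "application": "any",
         "service": "any", "action": "deny"},
    ]


def demo():
    """Evaluate clear-text and decrypted sessions against each service setting."""
    plain = ("web-browsing", 80)
    decrypted = ("web-browsing", 443)  # identified after decryption, still on port 443
    settings = {"application-default": "application-default",
                "any": "any",
                "tcp-80-443": {80, 443}}
    return {label: (evaluate(rulebase(svc), *plain), evaluate(rulebase(svc), *decrypted))
            for label, svc in settings.items()}


if __name__ == "__main__":
    for label, (p80, p443) in demo().items():
        print(f"{label:20} port 80 -> {p80}   port 443 -> {p443}")
```

With the service set to "any", the allow rule also matches web-browsing on every other port, which is the trade-off to weigh when applying the fix.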

 


owner:  nayubi


