ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.
Palo Alto Networks answers the question, "What is SSL Decryption?" and explains how PAN-OS 10.0 brings on new features and options that help you leverage SSL Decryption to decrypt SSL packets safely and efficiently.
Now, more than ever, we are all about privacy and keeping ourselves secure (especially online). That is one of the beauties of SSL (Secure Socket Layer) or HTTPS, its ability to encrypt and secure your online activity.
What is SSL Decryption?
SSL Decryption is the ability to view inside of Secure HTTP traffic (SSL) as it passes through the Palo Alto Networks firewall. Before SSL Decryption, firewall admins would have no access to the information inside an encrypted SSL packet, essentially, masking all activity. However, now SSL Decryption gives you visibility into the SSL packet to find hidden applications and threats inside SSL traffic, given the data is sourced from within your network.
Every day, more internet traffic is being encrypted with SSL or TLS. Some reports show upwards to 90-95% of traffic is now encrypted, depending on the platform. This will only increase in the future, especially, with search engines like Google starting to use HTTPS, and that means more things are encrypted.
Let's dive deeper. The more things become secure, the more that companies are essentially blind to any possible security risks inside the encrypted traffic. The other downside is that attackers are realizing new ways of delivering malware inside of the encrypted traffic.
What are the different ways that Palo Alto Networks can help decrypt traffic?
SSL Forward Proxy (SSL Decryption)
SSL Inbound Inspection
What is SSL Forward Proxy (SSL Decryption)?
SSL Forward Proxy (SSL Decryption) gives the firewall the ability to view inside of the traffic and perform all of the security checks you would not normally be able to see inside of an SSL encrypted packet.
Decryption on a next-generation firewall
What is SSL Inbound Inspection?
SSL Inbound Inspection is a way for the firewall to inspect the communication of a web server protected by the firewall, by decrypting the traffic using the internal web servers SSL Certificate.
What is SSH Proxy?
SSH Proxy is a way that the firewall can decrypt and inspect tunneled SSH traffic passing thru the firewall.
What is TLSv1.3?
TLSv1.3 is the latest version of the TLS(Transport Layer Security) protocol, which is the improved version of SSL. One of the many new features of PAN-OS 10.0 is the ability to decrypt TLSv1.3.
How Can I Configure SSL Decryption?
For detailed instructions on how to implement SSL Decryption, please see the following sections of the Administrator's Guide here: