Bypass Telegram App traffic for ssl decryption

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

Bypass Telegram App traffic for ssl decryption

L4 Transporter

Hi,

Is there any way to bypass the Telegram app traffic for SSLdecrypt? any idea?

4 REPLIES 4

L5 Sessionator

Firewalls are positive enforcement, meaning they will only do explicitly what you tell them to.

 

If you don't have a rule to decrypt telegram, it won't happen. 

 

If telegram is being picked up as a different app, you can create or modify existing App-IDs to get granular enough to exclude/include.

 

If you are a user on a corporate network that IS decrypting telegram, this isn't the place to talk about offensive sec and product bypassing 🙂

Help the community! Add tags and mark solutions please.

The SSL decrypt rule are based on categories. So no option to only no decrypt "telegram".

You have the ability to create custom categories (EDLs, static lists, etc)

Help the community! Add tags and mark solutions please.

L4 Transporter

Hi 

SSL Decrypt is controlled via URL category and you can also use ports within the Decrypt policy, frankly I am shocked that Telegram does not use a pinned-cert, if it did it would be in the Decryption exclusion list Device > SSL Decryption Exclusion  however the best thing to do would be (in the absence of any useful info on the Telegram website) carry out a packet capture on the firewall and identify the traffic in question and more accurately check where the app is going URL wise.

A good starting point would be a custom URL category with Telegram added and then a do not decrypt policy above your broad decryption policy, however the packet capture would show the detail and this could also be added to the URL category.

 

PCCSA PCNSA PCNSE PCSAE
Mode44 LTD Palo Alto Consultants
  • 4723 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!