11-18-2015 04:23 AM
Hello All,
I am after some help with SSL decryption?
We currently want to decrypt ALL SSL traffic. However moving forward there are 3 catorgies we wish to bypass SSL decyption for BUT only with the use of the opt-out pages not a blanket SSL catorgoy bypass. Is this possible on the Palo?
We are running currently 6.1.3 but can upgrade to 7.0.3 so versions are not a issue if we need to upgrade
But does anyone know if possible and if so how - or possbile other ideas to do this?
Many thanks
12-02-2015 08:36 AM
I think could be possible with a javascript so in all cases the firewall will send the block page but depending on the category you'll have 2 cases: one redirect without user interaction and the other one with the normal page when the user needs to click on the continue botton.
https://live.paloaltonetworks.com/t5/Documentation-Articles/Customizing-Response-Pages/ta-p/57809
Additionally, you can create a response page to show a different message depending on a variable.In the following code, a different message is shown depending on the URL category. If the URLcategory is games, Message 1 would be displayed, if the category as travel, Message 2 would bedisplayed.
If you go for it and start testing it you can use the SDK forum for questions,
https://live.paloaltonetworks.com/t5/SDK-API/bd-p/TechnologiesSDKsDiscussions
Regards,
Gerardo.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
