Can I choose what categorizes I choose for allowing SSL-Opt Out Pages?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Can I choose what categorizes I choose for allowing SSL-Opt Out Pages?

L0 Member

Hello All,

 

I am after some help with SSL decryption?

 

We currently want to decrypt ALL SSL traffic.  However moving forward there are 3 catorgies we wish to bypass SSL decyption for BUT only with the use of the opt-out pages not a blanket SSL catorgoy bypass.  Is this possible on the Palo?

 

We are running currently 6.1.3 but can upgrade to 7.0.3 so versions are not a issue if we need to upgrade

 

But does anyone know if possible and if so how - or possbile other ideas to do this? 

 

Many thanks

1 REPLY 1

L4 Transporter

I think could be possible with a javascript so in all cases the firewall will send the block page but depending on the category you'll have 2 cases: one redirect without user interaction and the other one with the normal page when the user needs to click on the continue botton. 

 

https://live.paloaltonetworks.com/t5/Documentation-Articles/Customizing-Response-Pages/ta-p/57809

Additionally, you can create a response page to show a different message depending on a variable.In the following code, a different message is shown depending on the URL category. If the URLcategory is games, Message 1 would be displayed, if the category as travel, Message 2 would bedisplayed.

 

If you go for it and start testing it you can use the SDK forum for questions,

https://live.paloaltonetworks.com/t5/SDK-API/bd-p/TechnologiesSDKsDiscussions

Regards,

Gerardo.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!