- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
12-28-2011 11:08 AM
If a download service uses SSL and PAN has an App and file blocking capability, but under SSL Decryption, it is an exception (ala drobpox), are options are pretty limited, correct?
12-28-2011 02:09 PM
So File-blocking is effective under the following conditions:
1) Is identified as an App
2) has file-blocking feature
3) If SSL is used, and is not on the following list https://live.paloaltonetworks.com/docs/DOC-1423.
Just want to get a very clear understanding before allowing download from specific services.
12-28-2011 11:45 AM
By default, we cannot inspect the contents inside of SSL and the file blocking feature will not apply since the traffic is encrypted. You can enable SSL Decryption whereby the PA device will participate in the SSL process and be able to inspect the SSL contents. File blocking, threat scanning, data filtering, etc will apply once the traffic has been decrypted.
Thanks.
12-28-2011 02:09 PM
So File-blocking is effective under the following conditions:
1) Is identified as an App
2) has file-blocking feature
3) If SSL is used, and is not on the following list https://live.paloaltonetworks.com/docs/DOC-1423.
Just want to get a very clear understanding before allowing download from specific services.
12-30-2011 03:01 PM
@camkim_MDEA:
yes. that looks like a valid way to evaluate this feature and when it is applicable.
-Benjamin
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!