06-19-2017 08:26 AM
With my new employer I'm managing a 3050 unit with a couple of Decryption Policy Rules which are configured to decrypt using SSL Forward Proxy. The Decryption Profile under Options is set to None. I can't find what the behaviour is when the decryption profile is set to None.
I appreciate any help.
Jeff
06-19-2017 08:31 AM
Your firewall tries its best. Everything which it is not able to decrypt will be added to a temporary exclude-cache and will pass without being decrypted
06-19-2017 09:20 AM
Yes, you're right. But the profile set to none as mentionned by @jeff6strings it's more a "best effort" thing. (but at least PAN-OS 8.0.x is able to decrypt almost everything)
06-19-2017 08:31 AM
Your firewall tries its best. Everything which it is not able to decrypt will be added to a temporary exclude-cache and will pass without being decrypted
06-19-2017 09:12 AM - edited 06-19-2017 09:21 AM
I thought that the profile is an additional check for both decrypted&excluded traffic:
06-19-2017 09:20 AM
Yes, you're right. But the profile set to none as mentionned by @jeff6strings it's more a "best effort" thing. (but at least PAN-OS 8.0.x is able to decrypt almost everything)
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
