We have a problem with Microsoft Exchange OWA, which we have recently published through Palo Alto. We have installed certificates with private keys and created the necessary rules for PBF and NAT.
Everything is working fine except decryption. We can see errors in the monitoring tab like decrypt-error or decrypt-unsupport-param.
We have tried to connect from different browsers from outside, with TLS 1.0 through TLS 1.2.
We also checked the cipher suites used by our Exchange server and the clients' browsers.
We also checked with a packet capture.
The interesting thing is that for some users there is no problem with decryption, but for most users we see that problem.
The PAN-OS version is 7.1.10.
The GlobalProtect version is 4.0.4.
The appliance is a VM-300.
There are definitely a lot of apps that don't like to be decrypted. A lot of the time it's trial and error by watching the logs and testing in real time. We had/have similar issues with Lync; basically we can't decrypt it and have to create bypass rules for ours as well as external parties that are hosting Lync/Skype conferences.
Here are a few links to hopefully help out.