12-26-2024 05:33 AM
Hello, newbie here. One of our clients asked me:
"We have an exchange server which is on site. We need to renew the ssl certificate, I was told that if the Palo Alto firewall performs deep packet inspection, we need to supply the ssl certificate to the firewall.
if it is so, we need to coordinate with my local admin to install the ssl certificate on the server and you will need to do your setup on the firewall, we need to plan a meeting..."
As I read the SSL Inbound Inspection document, the client is right.
May I know the thoughts of those who actually configured a Deep Packet Inspection on their Palo Alto firewall?
Thanks
12-27-2024 10:18 AM
Hello,
I would first check to see if its enabled for that traffic. Go to Policies on the Top menu then Decryption on the Left Menu. Check here to see if inbound inspection is enabled. It would be something like Source Zone Untrust, Destination zone Trust. Could also be listed by IP address or Object name of the Exchange server.
Hope this helps.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
