Hey everybody!
After watching all tutorials and reading all PAN's walkthroughts, I still fail to disable the SSL Inspection (decryption) on all of the outgoing (or any..) traffic.
This is my decryption profile:
*Rest tabs are default.
This is my Decryption Policy:
*My Security Policy is just any,any,allow (nothing special) and my traffic is never blocked - as I expect.
At this point, I expect every https request of any website to be not inspected. Meaning, now if I open up my Chrome and go to (lets say) https://www.wikipedia.org/ and check the Security Overview (F12 -> Security) - I should see the 'real' Certificate of this website. Same result should apply to the alternative of using openssl command for requesting https websites instead of just browing via Browser Software like Chrome. (openssl s_client -connect wikipedia.org:443)
The issue:
While doing both of the described above, I still get the PAN's Certificate (*issued by PAN) where I try not to apply the decryption.
Capture:
using openssl:
I even explicitly excluded www.wikipedia.org and it did not help:
What am I missing? Yhelp 😄
J.
hey reaper and thanks for the reply.
First, your second suggestion (bypassing specific urls) did not work, i've tried it earlier. That was the reason I generally tried to bypass everything in order to troubleshoot the issue..
Second, I disabled all Decryption Policies and still getting decrypted for some reason.
Cap:
and ofcourse I can still see PAN's Certificate using the F12 on browser / openssl requests for connection on all websites.
In addition, I think I didn't quite understand what u were saying with the proxy service tunneling, and even so, I just did what you suggested.
Did I miss anything again? Do you have another idea?
Thanks again.
J.
