This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

financial-services is exempt from decryption still decrypt error

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

financial-services is exempt from decryption still decrypt error

Go to solution
MP18
Cyber Elite
Cyber Elite

‎11-27-2019 12:01 PM

PA running 8.1.9  we have rule from any source any zone do not decrypt financial-services category.

CLI  test 

 

test decryption-policy-match source 10.x.x.x  destination 23.249.200.33 category financial-services

Matched rule: 'No_Decrypt' action: no-decrypt

 

Traffic log shows decrypt error URL log shows no decrypt.

MP

Help the community: Like helpful comments and mark solutions.
0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
OtakarKlier
Cyber Elite
Cyber Elite
In response to MP18

‎11-27-2019 01:11 PM

Hello,

I have a better understanding now. So what I would do is the following:

 

Create a security policy that allows that machine to only go to the specific web address.

Create a  decryption policy that allows all traffic sourced from the machine to bypass encryption.

 

You still know exactly where its going and what its doing.

 

Just a thought.

View solution in original post

7 REPLIES 7

Go to solution
OtakarKlier
Cyber Elite
Cyber Elite

‎11-27-2019 12:28 PM

Hello,

It could be because you are using an IP address instead of the URL. Check the URL against the PAN-DB URl checker.

 

https://urlfiltering.paloaltonetworks.com/

 

If its listed correctly there, then the URL should not be decrypted.

 

Regards,

0 Likes Likes

Go to solution
MP18
Cyber Elite
Cyber Elite
In response to OtakarKlier

‎11-27-2019 12:31 PM

on traffic log it shows category as unknown and on url filtering logs i see

 

ipg1.moneris.com/  and category as financial services

 

 

MP

Help the community: Like helpful comments and mark solutions.
0 Likes Likes

Go to solution
OtakarKlier
Cyber Elite
Cyber Elite
In response to MP18

‎11-27-2019 12:33 PM

Hello,

If you browse to it from a workstation, does it try to decrypt the traffic?

Regards,

0 Likes Likes

Go to solution
MP18
Cyber Elite
Cyber Elite
In response to OtakarKlier

‎11-27-2019 01:07 PM

PRoblem is it is ticket vending machine which uses that 

 

MP

Help the community: Like helpful comments and mark solutions.
0 Likes Likes

Go to solution
MP18
Cyber Elite
Cyber Elite
In response to MP18

‎11-27-2019 01:09 PM

url log shows ipg1.moneris.com/

 

i can not access this from my pc 

MP

Help the community: Like helpful comments and mark solutions.
0 Likes Likes

Go to solution
OtakarKlier
Cyber Elite
Cyber Elite
In response to MP18

‎11-27-2019 01:11 PM

Hello,

I have a better understanding now. So what I would do is the following:

 

Create a security policy that allows that machine to only go to the specific web address.

Create a  decryption policy that allows all traffic sourced from the machine to bypass encryption.

 

You still know exactly where its going and what its doing.

 

Just a thought.

Go to solution
MP18
Cyber Elite
Cyber Elite
In response to OtakarKlier

‎11-27-2019 01:16 PM

I create the decryption security policy to exempt all the traffic to that  destination ip address.

Since then PA is not decrypting.

 

Also SSL decryption exclusion list i put *.moneris.com and it did not worked.

MP

Help the community: Like helpful comments and mark solutions.
0 Likes Likes
  • 1 accepted solution
  • 3934 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks