09-28-2022 02:18 PM - edited 09-28-2022 02:19 PM
I have seen some older posts with no updates on this very subject so I thought I would start a new thread. I am testing SSL decryption from a couple of workstations and have almost all of the traffic being successfully decrypted. We are a Google suite user with it being our email provider with our own domain. I am on a mac and when using Chrome to access any of the GSuite apps, it is not being decrypted. The cert is showing up as a standard Google Trust Services issued cert instead of my Palo Alto issued cert.
I have blocked all QUIC traffic at the firewall per the Palo Alto published best practices. I have a security rule with any as the source, QUIC as the application and services as Application Default. Just to make sure something wasn't slipping past that rule I added another this morning blocking all udp traffic over 80 & 443 to no avail. The logs show tons of blocked QUIC traffic from my workstation. When I log into any of the GSuite apps from Safari, it is decrypted as expected.
Any suggestions?
11-09-2022 06:25 AM
Have you checked the Decryption log (monitor > Logs > Decryption) to see if it's being bypassed or failing?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
