10-05-2020 12:36 PM
I am trying to configure URL filtering on an internal SSL web host and having problems. I've found multiple videos and articles on both URL filtering and inbound SSL decryption but I cannot get it to work. I've taken a step back and am just trying to verify the SSL decryption is working. I have uploaded the SSL cert (PKCS12 format) no problem. Also created the decryption profile and the encryption policy rule. Finally, I created a general policy to allow the traffic. All configs were done following the instruction in this video by the Palo Alto community: https://www.youtube.com/watch?v=oTivQY1RHu4
The problem is that I have no way to verify the decryption is working. Other documentation I have found shows there is a decryption log under Monitor ---> Logs. However, on PANOS 9 there is no decryption log. If I look at the Traffic Logs I can see traffic to the SSL web server. If I click on the details I can see the Decrypted flag is not set so it looks like the traffic is not decrypted. Without the right logs I am lost as to what is going on. Is there some log in PANOS 9 that contains more detailed info about decryption?
10-05-2020 12:50 PM
What are the logs showing you? Are they displaying decrypt-error in the session logs? The first things to look at that are the most common are the following. You're going to need to break out Wireshark on this one.
Personally, you'll usually find that you have a mismatch between supported ciphers or the certificate chain as the most common issues.
10-05-2020 01:04 PM
I can't find any logs related to the decryption at all. Under the Logs section these are the logs I have available:
Traffic
Threat
URL Filtering
Wildfire Submissions
Data Filtering
HIP Match
IP-Tag
User-ID
Tunnel Inspection
Configuration
System
Alarms
Authentication
Unified
I've checked all these categories and can find no logs related to SSL decryption.
10-05-2020 01:13 PM
The decrypt-error would be found in your traffic logs under session_end_reason. Those are the only logs you'll find on your version of PAN-OS. You'll need to do the verification legwork yourself.
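Added example, not part of the thread and not Palo Alto code: one way to do that legwork offline is to export the traffic log and count, per server, how many sessions carry the decrypted flag versus a `decrypt-error` end reason. The column names, the `0x01000000` bit used for "decrypted" in the `flags` field, and the sample rows are assumptions; check them against the log field reference and the export format of your PAN-OS version.

```python
import csv
import io
from collections import Counter

# Assumption: bit in the traffic log "flags" field that marks a decrypted
# session. Confirm against the field reference for your PAN-OS version.
DECRYPTED_FLAG = 0x01000000

# Constructed sample rows (not real logs); column names are assumed.
SAMPLE_CSV = """dst,dport,flags,session_end_reason
192.0.2.10,443,0x1000000,tcp-fin
192.0.2.10,443,0x0,decrypt-error
192.0.2.10,443,0x400000,tcp-rst-from-client
192.0.2.10,80,0x0,tcp-fin
198.51.100.7,443,0x0,aged-out
"""

def summarize(csv_text, server_ip, port=443):
    """Count decrypted, decrypt-error and undecrypted sessions to one server."""
    counts = Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["dst"] != server_ip or int(row["dport"]) != port:
            continue
        counts["total"] += 1
        if int(row["flags"], 16) & DECRYPTED_FLAG:
            counts["decrypted"] += 1
        elif row["session_end_reason"].strip().lower() == "decrypt-error":
            counts["decrypt_error"] += 1
        else:
            counts["not_decrypted"] += 1
    return dict(counts)

def verdict(counts):
    """Turn the counts into a one-line triage result."""
    if not counts.get("total"):
        return "no matching sessions"
    if counts.get("decrypt_error") and not counts.get("decrypted"):
        return "decryption attempted but failing"
    if counts.get("decrypted") == counts["total"]:
        return "all sessions decrypted"
    if counts.get("decrypted"):
        return "some sessions decrypted"
    return "sessions not decrypted"

if __name__ == "__main__":
    result = summarize(SAMPLE_CSV, "192.0.2.10")
    print(result, "->", verdict(result))
```

Sessions that are neither flagged as decrypted nor ended with `decrypt-error` point at the decryption policy rule not matching the traffic, rather than at a cipher or certificate-chain failure.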