I am trying to configure URL filtering on an internal SSL web host and having problems. I've found multiple videos and articles on both URL filtering and inbound SSL decryption but I cannot get it to work. I've taken a step back and am just trying to verify the SSL decryption is working. I have uploaded the SSL cert (PKCS12 format) no problem. Also created the decryption profile and the encryption policy rule. Finally, I created a general policy to allow the traffic. All configs were done following the instruction in this video by the Palo Alto community: https://www.youtube.com/watch?v=oTivQY1RHu4
The problem is that I have no way to verify the decryption is working. Other documentation I have found shows there is a decryption log under Monitor ---> Logs. However, on PANOS 9 there is no decryption log. If I look at the Traffic Logs I can see traffic to the SSL web server. If I click on the details I can see the Decrypted flag is not set so it looks like the traffic is not decrypted. Without the right logs I am lost as to what is going on. Is there some log in PANOS 9 that contains more detailed info about decryption?
What are the logs showing you, are they displaying decrypt-error on the session logs? The first things to look at that are the most common are the following. You're going to need to breakout wireshark on this one.
Personally, you'll usually find that you have a mismatch between supported ciphers or the certificate chain as the most common issues.
I can't find any logs related to the decryption at all. Under the Logs section these are the logs I have available:
I've checked all these categories and can find no logs related to SSL decryption.
The decrypt-error would be found in your traffic logs under session_end_reason. That's the only logs you'll find on your version of PAN-OS. You'll need to do the verification legwork yourself.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!