Is Decryption needed without URL filtering?

Announcements

ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.

Reply
Highlighted
L3 Networker

Is Decryption needed without URL filtering?

Hello.

 

We currenly have a Palo-5050 v7.18 doing firewalling and URL filtering.

We have SSL decryption enabled.

 

Because Palo does not support transparent authentication using Chromebooks and because we do not like the Palo URL reporting, we are looking at getting rid of the URL filtering part.

 

Do we still need to have SSL decryption enabled for normal firewall apps and function?

 

If yes, does that mean we would need to have multiple SSL certs installed on our client devices:

1 for Palo SSL decyption

1 for new URL filtering product

?

 

Much thanks.

Dan

 

Highlighted
Cyber Elite

Depends on the application you are trying to catch and the need to see threats, short answer is yes you want to decrypt the traffic more than likely so leave that on. 

 

If your new URL filtering product requires SSL decrytion then it will need this as well. I imagine that in a school enviroment you are probably looking at something like a Barracuda, in which case it helps to have SSL decryption enabled and you would need the required certs to configure this correctly loaded onto the client devices. 

Highlighted
L4 Transporter

Hi Dannon,

 

Decryption would be better for application and threat detection. If not, we might not see the application shift which may happen after the base application is read. Decryption requires a certificate which is marked as CA and the private key should be on the firewall. You could have 2 different certificates for Palo Alto, URL filtering service. However, you could also export certificate from one device and import it into another (PA can do that, not sure about the other device).

 

Regards,

Anurag 

================================================================
ACE 7.0, 8.0, PCNSE 7
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!