Issues with SSL Inspection

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Issues with SSL Inspection

L3 Networker

Hi,

 

I am having this weird issue where an application breaks because of SSL inspection. I have made an exclusion  based on the certificate:

ssl-exclude-cert [ login.salesforce.com *.salesforce.com ];

 

However, the firewall still decrypts the traffic, and it looks like it does when a different application is detected:

 

salesforce.JPG

 

This traffic is generated by the same user application and uses the same certificate.

 

Has anybody else experienced this and was able to figure out how to solve it?

 

Thank you.

6 REPLIES 6

L5 Sessionator

add these url to exclude list

www.salesforce.com/

login.salesforce.com/

*.salesforce.com/

 

 

unfortunately, this still did not solve the issue. The user would have to try multiple times to log in to be succesful and it still looks like the firewall is inspecting traffic, despite the exclusions.

Can you post screenshot of your no-decrypt policy?

 

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011

please see below:

 

no-decrypt policy.JPG

 

ssl safe list.JPG

 

Thank you.

And this no-decrypt policy is top one?

 

Go to Monitor > URL Filtering

Use following filter

( url contains salesforce )

Add column "Decrypted"

You can remove source user fields.

And take screenshot of that.

 

 

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011

Also try to remove ending / from URL's in safelist.

Never mind. Tested and worked both ways - with / and without.

 

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011
  • 3516 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!