11-24-2016 07:14 AM
We have decyption turned on for inbound smtp trafffic. It is only decrpyting a portion of the encypted traffic. I have an open ticket with support but still working through it but I wanted to check to see if anyone else is experiencing issues. I do not believe it is something misconfigured on the firewall as it decrpyts as expected sometimes.
This is preventing wildfire, custom signatures, virus signature, etc kicking in when the encrypted emails are not decrypted.
Here is a screenshot of the decryption profile:
In an example the host headers of the email which was not decrypted I can see the message was sent with the follwoing encyption:
(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO)
Has anyone expericenced smtp decryption not working?
11-24-2016 07:22 AM - edited 11-24-2016 07:22 AM
Hi @clewis1,
I'm guessing you are using a PAN-OS version older than 7.1.
The cipher you put as an example wasn't supported until PAN-OS 7.1 :
https://live.paloaltonetworks.com/t5/PAN-OS-7-1-Articles/PAN-OS-7-1-Supported-ciphers/ta-p/71969
Cheers !
-Kim
11-24-2016 07:22 AM - edited 11-24-2016 07:22 AM
Hi @clewis1,
I'm guessing you are using a PAN-OS version older than 7.1.
The cipher you put as an example wasn't supported until PAN-OS 7.1 :
https://live.paloaltonetworks.com/t5/PAN-OS-7-1-Articles/PAN-OS-7-1-Supported-ciphers/ta-p/71969
Cheers !
-Kim
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
