I am being asked a lot about why is Anydesk getting a "decrypt-error" end reason when SSL Decryption is active.
Here is a simple explanation and how to overcome this.
What you usually going to do with this kind of errors is creating a Decryption bypass rule for Anydesk (in this example)
Since is it impossible to bypass based on application, you would probably use a Custom URL category with a wildcard (*.anydesk.com), and apply it in a bypass rule. Unfortunately, this doesn't work (I'm not sure why, I think Anydesk uses IP addresses and not URLs)
The other option I came across is using an FQND (relays.net.anydesk.com) published in one of the related articles, that also didn't work for me. It was not consistent.
Then I found that Anydesk is being bypassed by default in PANOS (Device --> Certificate management --> SSL Decryption Exclusion).
Then why isn't it being bypassed?!
Well, it is because of the certificate Anydesk uses. It is using a Self-Signed certificate, and your device does not trust it (yet).
This is the reason for the decrypt-error.
Basically, what you would like to do now is:
Start a packet capture and export the CA certificate.
Then, import the certificate to your device, and mark it as a trusted CA.
Commit, and now Anydesk should work.
I am sharing here the CA certificate currently being used by Anydesk.
Copy the text below to a text file and rename it to ".crt"
Hope this is helpful.
And idea is If you want you can remove Anydesk from the "SSL Decryption Exclusion" and test decrypting it and presenting the users with the trusted certificate as a workaround (they will not see the self signed cert in this way) just check also if the SSL decryption profile allows self signed certficates.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!