06-01-2016 12:28 AM
I was wondering if TeamViewer uses certificate pinning so I tried to decrypt it. I've set a simple decrypt rule to decrypt everything from one IP going to internet. But the rule doesn't seem to work for TeamViewer. All SSL sessions are decrypted but teamviewer-base isn't. I've also tried sharing file over it and I didn't see it in data log, also application didn't change to teamviewer-sharing. So I'm pretty sure TeamViewer didn't get decrypted while other SSL sessions did.
Any idea what am i missing? If teamviewer doesn't allow to be decryted then i would expect to not be able to connect and not just ignore decryption rule and work.
06-01-2016 02:06 AM
There is a list of applications that Palo Alto will not decrypt as it knows it will brake the app.
List is here:
Try to play around with Decryption profile. There you can block sessions if decryption is not possible.
06-01-2016 02:13 AM
Ok, ty for the list. But TeamViewer is not on it.
I guess that means TeamViewer either uses unsupported versions or cipher suites.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
