03-16-2011 06:32 AM
SSL decryption seems to interfere with Carbonite. When the policy is enabled, the Carbonite client reports "waiting for connecton to carbonite pro backup server...". I assume I could add a rule to not touch anything in category "online-personal-storage", but I'd rather not just guess until I get it right.
Has anyone had the same experience?
Thanks,
Todd
03-16-2011 06:47 AM
Hi,
as you know, applications use various degrees of SSL.
Some are not implemented to standards or use capabilities in the standards that are not compatible with Palo Alto Networks SSL decryption capability. In addition, SSL decryption cannot be used when servers require client certificates.
You have to avoid SSL decryption if:
• Server requires client certi
ficates
• Non-standard implementations of SSL used
• New certi
ficate authorities can’t be added to the client application
• Client software requires speci
fic server certificates
So, I suggest you to make an exception per Carbonite URLs or Dst IP Address/es.
Regards
03-16-2011 07:54 AM
That will work. In case anyone stumbles onto this, I contacted Carbonite. The IP addresses to exclude are:
38.97.103.128/26
38.111.3.192/26
38.97.75.1/25
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
