SSL decryption and Carbonite

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

SSL decryption and Carbonite

L1 Bithead

SSL decryption seems to interfere with Carbonite.  When the policy is enabled, the Carbonite client reports "waiting for connecton to carbonite pro backup server...".  I assume I could add a rule to not touch anything in category "online-personal-storage", but I'd rather not just guess until I get it right.

Has anyone had the same experience?

Thanks,

Todd

2 REPLIES 2

L0 Member

Hi,

as you know, applications use various degrees of SSL.

Some are not implemented to standards or use capabilities in the standards that are not compatible with Palo Alto Networks SSL decryption capability. In addition, SSL decryption cannot be used when servers require client certificates.

You have to avoid SSL decryption if:

• Server requires client certi

ficates

• Non-standard implementations of SSL used

• New certi

ficate authorities can’t be added to the client application

• Client software requires speci

fic server certificates

So, I suggest you to make an exception per Carbonite URLs or Dst IP Address/es.

Regards

That will work.  In case anyone stumbles onto this, I contacted Carbonite.  The IP addresses to exclude are:

38.97.103.128/26

38.111.3.192/26

38.97.75.1/25

  • 2446 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!