SSL Decryption bug in PAN-OS 9.1.14

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

SSL Decryption bug in PAN-OS 9.1.14

L2 Linker

I recently upgraded from panos 9.1.13-h3 to 9.1.14 then SSL decryption stopped working, in the traffic monitor there wasn't any decryption error but when i excluded a PC the internet worked


and it seams other people are also having the same issue (Reddit ), but its not in the known issue list until now


so i had to revert to the previous version and its working now fine

22 REPLIES 22

Not working to me. 😞

Any recommendation that I can try?

Have you both enabled strip ALPN?

Help the community! Add tags and mark solutions please.

L2 Linker

In my case yes

What do you mean both enabled?

SSL forward proxy settings, follow this guide. Strip ALPN is the known-good workaround for this bug. 

Help the community! Add tags and mark solutions please.

Did disable globally?

You will still be decrypting traffic. 

 

Strip ALPN just downgrades HTTP/2 to HTTP/1 globally. 

Help the community! Add tags and mark solutions please.
  • 10157 Views
  • 22 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!