10-14-2019 06:34 AM
Hi all,
i have a PA firewall used for internet navigation and a transparent proxy for Web navigation.
I have enabled ssl decryption for a specific URL category that i have set in url profile in block-continue.
If i set my PDL browser with the proxy i didn't recive the response page and the connection goes in timeout. If i remove proxy from pdl it works fine.
I set a pcap filter(with paloalto engeener) and we notice that in the different stage:
We have squid as proxy but i didn't find any guide or configuration for this issue. Do you have some ideas:D
Thanks a lot
Gianpiero
10-15-2019 11:10 AM
Well, I think I may have some questions and maybe some answers... 😛
I am not familar with a PDL browser... maybe you could help with that question.
In order for SSL Forward Proxy to work correctly (based on my understanding as instructor), the public cert from the Internet (facebook, bankofamerica, etc) needs to be seen by the outside interface of the FW.
I have some sneaky suspicion that the web proxy that you have in front of the FW is causing issue.
Which then asks another question.. if you have PAN-DB, why the need for a Web Proxy, when the firewall can be used to allow/disallow web site traffic, based on URL category.
Maybe you could provide some additional details to help us out. (but step 1... try without the web proxy, if possible... just trying to remove obvious pieces that may causing errors/breakage of traffic)
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
