SSL decryption issue on Palo Alto firewall

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

SSL decryption issue on Palo Alto firewall

L1 Bithead
 
3 REPLIES 3

L1 Bithead

We have SSL decryption running on our PAN for selective URL categories however we noticed that at times PAN logs decrypt action for categories not included in decrypt rule. Any idea why this may be happening ? This is not always but we see many traffic/URL filtering logs that has proxy flag set to "yes" for categories we do not decrypt per decrypt rule.

Cyber Elite
Cyber Elite

Some URLs are in multiple categories.

For example dns.google is in in Computer-and-Internet-Info and Encrypted-DNS categories.

 

Check "URL Category List" value for the URL.

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011

I did check and the URL is part of categories which are not part of decrypt rule. I suspect it is issue with proxy engine on PAN platform

  • 1063 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!