This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

SSL decryption on PA incase the SSL termintated on WAF

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

SSL decryption on PA incase the SSL termintated on WAF

msalhi
L0 Member

‎07-03-2020 07:03 PM

We have a website hosted behind WAF and Firewall (Palo Alto). The WAF already has the server valid SSL Certificate from public CA. Do we need to install SSL certificate (decryption ) on PA Firewall also for inbound traffic to make it more secure ? 

0 Likes Likes
3 REPLIES 3

MP18
Cyber Elite
Cyber Elite

‎07-03-2020 09:40 PM

@msalhi 

 

If you want to do Inbound SSL decryption for traffic coming from Internet to the server then yes you need to Import the certificate to the

PA with its private keys for SSL decryption to work.

 

Then you need Decryption policy on the PA for traffic coming from Internet to the server Public IP address.

 

Regards

MP

Help the community: Like helpful comments and mark solutions.
0 Likes Likes

msalhi
L0 Member
In response to MP18

‎07-04-2020 02:01 AM - edited ‎07-04-2020 02:02 AM

Thank you for your answer , i'm asking if it will be more secure if we install same ssl certificate on PA and WAF for inbound traffic destined to published server .

0 Likes Likes

BPry
Cyber Elite
Cyber Elite
In response to msalhi

‎07-04-2020 05:54 AM

@msalhi,

If you aren't attempting to decrypt the traffic as described by @MP18, there would be no reason to install the certificate on the PAN firewalls. You only need the certificate installed on the PAN if you were doing inbound decryption.

0 Likes Likes
  • 3095 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks