03-24-2021 06:42 AM
Hi,
i have one short question about PANOS 9 and 10 ssl decryption.
We use ssl decryption on all PAs for many years.
Is the rule 77 obsolet after upgrade to PANOS 9 /10??
The rule was a must have for ssl decryption working on PANOS 7.
Best regards,
Chris
03-24-2021 12:58 PM
Hello,
Its valid from what I can tell. However with the new builds, you dont have to put in the 'service' portion since the PAN is smart enough now to know that it will have web-browsing over 443 if its decrypted but no worries to keep the services there.
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClgHCAS
Regards,
03-24-2021 09:03 AM
What I would probably do is, reset the hit counters for that rule, and then see if it gets any hits. If it doesn't get any hits over a few days, then it should be safe to disable it.
Just another I.T. Guy
03-24-2021 12:58 PM
Hello,
Its valid from what I can tell. However with the new builds, you dont have to put in the 'service' portion since the PAN is smart enough now to know that it will have web-browsing over 443 if its decrypted but no worries to keep the services there.
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClgHCAS
Regards,
03-24-2021 12:59 PM
Zero policy hits the whole day!
I think the https policy for ssl decryption is obsolet. 🙂
Hitcounter and policy optimzer are very nice new features.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
