So I have tested SSL decryption today, and I made it work. But for some reason some of the webpages that are being decrypted are extremely slow. Facebook and even support.paloaltonetworks.com are two of them.
I exported a CA certificate from our AD and imported it into the PA as described in a document I found on the knowledgebase.
Look at the attached file for my configuration.
One more thing that is not working is the "block" page when I try to download the eicar test virus file via https.
I can see in the monitor/threat that the file is being blocked but I do not get the block page. Works if I open the eicar virus file via http.
Any suggestions on what the problem can be?
This is an PA-500 with sw version 4.0.3
I have a similar install than you, but I don't put URL categories filters in decrypt rules (I left it to 'Any') and it works like a charm.
Also are you using some user identification? May be with a captive portal ?
I also have a similar setup to yourself, but I've found that SSL decryption can be very slow on some website including the PAN support portal. I've had to put a rule in to not decrypt the effected websites and the performace then returns.
Can anyone from PAN explain why these performance issues are happening and what else (other than not to decrypt them) can be done to fix it.
I've used other web scanning products with SSL decryption and I've not experienced these sort of performance issues before.
Yes I have tried setting the categories filter to "Any", but it's still a problem.
How does your setup work against https://facebook.com? Take minutes for my setup to open it up when ssl decrypt is enabled.
Yes we use user identification (but not captive portal).
Only website that shows slowness for my users with decryption enabled is Google Mail and only with Chrome (IE & Firefox are ok).
I have a support ticket opened for that.
So I tested with IE and it things seems to be abit smoother. I always use Chrome.
But what can be the reason for this?
Btw does the block page work for you when trying to open https://secure.eicar.org/eicar_com.zip ?
If antivirus profile is enabled. I see in the log that the file is blocked but I don't get the webpage.
Chrome just hang trying to load the "page/file".
Work as it should if I try to download the file when not using ssl/https.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!