We have not enabled ssl decryption for specific subnets.
When I see the traffic logs I see ssl decrypted is checked and traffic is denied.
I verify that I see decrypted flag for all traffic that is blocked in url category.
Need to know reason for this?
Solved! Go to Solution.
One way to self-check would be by using the built in 'test decryption-policy-match' command in the CLI and building out the traffic flow exactly what you are seeing in the traffic log. If you don't get a match we would need to look at the log details closer, but it's possible something within the decryption rulebase is simply misconfigured.
I tested with CLI test command and it hits no decryption rule.
Config is right we check few times.
Any other thoughts?
Running pan 8.1.9 on 5220
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!