Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

URL Category list with all URLs from SSL Decryption Exclusion

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

URL Category list with all URLs from SSL Decryption Exclusion

L1 Bithead

Hi,

 

We are using SSL Decryption and I only allow SSL traffic for specific URL's and categories which are excluded from SSL Decryption.

Palo Alto has it's predefined list with SSL Decryption Exclusions (Device > Certificate Management > SSL Decryption Exclusion). From time to time I go to a website and it is blocked because:

- It is predefined in the SSL Decrypt Exclusion list

-  And it is not allowed by a security rule

 

So now I have a URL Category with a URL List and I have to add this URL manually when I want this site to work. Of course this happens for every URL in the SSL Decrypt list. Since this is the case, it would help if there was a URL Category List which I can use in a security rule which automatically contains all URL's from the SSL Decryption Exclusions list.

 

Is there such an object by default or a way to generate dynamically so it is always in sync?

1 REPLY 1

Cyber Elite
Cyber Elite

@mvrijsten,

There's nothing currently available that would give you a list of the current domains within the SSL Decryption Exclusion list to automatically allow in your security rulebase. You could probably pull that list with the API and capture the domain entries and use it to propagate your custom-url category if you were using something like MineMeld that has an API to feed the captured domains into the list. 

  • 2206 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!