- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
01-17-2010 08:53 PM
Hi All,
I wonder if anyone is facing this issue... If you enable web-based-email inside ssl decryption rules, it will also block user to access both msn live messenger and yahoo messenger (this does not happen to skype of course). Even though, the existing security rules stated allow any application without any filtering mode, this will still happen.
Pan-os: 3.0.5
application version: 163-489
threat version: 163-489
url filtering version: 3247
Any workaround?
Thanks.
01-18-2010 11:15 AM
Eugene,
If you've determined that your Yahoo and MSN IM sessions are being blocked by the filter on Web-based-email, Support recommends that you allow login.yahoo.com and live.msn.com.
01-21-2010 12:20 AM
Hi Nrice,
Thanks for your replied.
Nope, that is url filtering part, but the issue that i'm facing is with ssl decryption. Like i said, if you enable "web-based-email" category inside ssl decryption". I also tried using your method is the same.
In this case, how can we overcome this issue? As per now, there is no setting / configuration for us to whitelisting certain url as per ssl decryption category.
01-21-2010 03:24 PM
I ran this past Support and they recommend openeing a case so that they can work with you to get around the SSL decryption issue .
04-27-2012 12:24 AM
Did you find a fix for this problem?
I'm having the same problem with 4.1.5 and ssl decryption. Can't login to msn.
Jo Christian
04-27-2012 01:15 AM
So I found a fix for this problem.
Make a custom url category with *.msn.com and add it to a "no-decrypt" rule.
Jo Christian
04-28-2012 04:20 AM
To me that sounds bad because now all s**t at *.msn.com will bypass the protections that your PA can offer regarding threat and antivirus etc.
04-28-2012 04:34 AM
Hello,
Yes I agree.
But I needed to find a fast fix and this was the solution.
I guess it is possible to tighten the url filter a bit by finding the correct somethingat.msn.com
But this will not be a perfect solution anyway.
Jo Christian
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!