- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
08-13-2018 05:29 AM
Dears
In my company ,unfortunately, allow facebook.com website
we note when do "SSL Decryption" for social-networking category ,There is huge utilization on CPU (Up to 85%)
what is the better for this case as design : Decrypt Facebook or no decrypt ?
if we do "no-decrypt" ,Can palo alto to apply the policy of deny for some application on facebook such as "Facebbok-chat ,..."
Thanks
08-13-2018 07:43 AM
SSL Decryption can take a hit on smaller boxes that don't have much processing to spare; and depending on the amount of traffic you pass to Facebook you would expect to see a spike when you first start decrypting traffic.
The firewall won't be able to reliably look into the traffic and properly identify facebook-chat instead of normal 'facebook'. This makes for a broken experiance as users will be constantly switching back and forth between a working facebook-chat and a non-working facebook-chat as the firewall is able to identify the app-id as traffic passes.
I would personally recommend that you keep decrypting the traffic, 85% utilization is perfectly fine for the firewall.
08-15-2018 02:40 AM
Thank you for your reply
I would think that 85% is very high because exceed Max.= 80%
But when try to implement decryption ,I note the palo alto can down the "Facebook-chat" as example and permit the facebook .
what is problem or (Bad desgin) if cancle decryption ?
Again thank you for your reply
08-15-2018 06:22 AM
85% would be high if it's sustained, and it certainly poses a question on whether a spike in traffic would push the CPU even higher. If it's a momentary spike to 85% and it curbs off right away, I wouldn't be worried about it; if you are at a sustained 85% and spiking higher then that's an actual issue.
Not decrypting the traffic you lose insight into what the traffic is actually doing/is. At that point there is no knowing whether the traffic is simply normal social media traffic or if a malicious attachment someone got through email is using facebook to host a malicious file masquerading as an image. Most companies also have different policies in place on different parts of Facebook; for example they might let you go to Facebook, but not chat or access any Facebook games.
Whether or not you should decrypt this traffic depends on multiple things that matter in varying degrees depending on the company.
08-16-2018 12:51 AM
Thank you for your reply
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!