Prisma Access Web Security blocking access to M365/teams/outlook

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Prisma Access Web Security blocking access to M365/teams/outlook

L2 Linker

Hi, anytime we enable "web security" as recommended on the main dashboard of prisma access, MS Teams and outlook stop working.  Outlook throws up certificate errors and teams refuses to connect.  Upon investigation it looks as though the traffic is being decrypted and this is causing issues.  We have put in bypass decryptions for the "worldwide 365 URL" and "worldwide 365 IP" lists in our network security decryption policy.  However the logs clearly show this traffic is still being decrypted and breaking the application.  It appears that the "web security" feature / policy later is overriding anything set at the network security layer with regards to encryption.

As soon as we disable "web security" the applications start working again.  How should we configure the web security feature to bypass decryption for all M365 URLS and IP's?

 

Many thanks.

3 REPLIES 3

L6 Presenter

L1 Bithead

I am currently experiencing the same issue. I noticed that installing the Root CA allows decryption to work correctly,

but if I install Forward-Trust-CA, the same problem occurs.

Future

L2 Linker

Thanks for the reply folks - much appreciated.

In the end I did not enable split tunnel.  What I did was create an EDL to the "M365 worldwide URLS" at https://saasedl.paloaltonetworks.com/feeds/m365/worldwide/any/all/url

 

Then under "web security" > "Global Decryption exclusions" > "bypass URL categories" I added in the External dynamic List.

 

  • 2605 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!