Printer Friendly Page

4.1 SSL Traffic

 

This activity results in an increase in production traffic visibility by decrypting traffic and applications that are still hidden by encryption.  This process is completed in a staged task sequence in order to ensure a smooth transition.

 

Tasks include: 

  • Determine the existence of a PKI environment
  • Create or attain a trusted Certificate Authority (CA)
  • Deploy CA on Palo Alto Networks Platforms that will be performing Decryption
  • Ensure CA is trusted by all endpoints
  • Ensure User-ID is enabled 
  • Create a phased rollout approach
  • Establish and create Processes to bypass Decryption when issues arise
  • Creation of SSL Decryption policy for agreed high risk categories
  • Creation of SSL Decryption Profile to handle exceptions 
  • Complete testing of SSL Decrypt policy for deployed Categories

 

Knowledge transfer to Customer for implementation of additional SSL Decryption categories beyond the initially defined categories

 

Deliverables: 

  • SSL Configuration Addendum added to As-Built document
  • Completed SSL Decryption Implementation Checklist

 

Consultant Collateral: 

  • SSL Decryption Best Practice
  • Transformation Services Playbook

 

Please see the Decryption Best Practices page to learn more.

 

 

Ask Questions Get Answers Join the Live Community
Version history
Revision #:
3 of 3
Last update:
‎07-02-2020 11:21 AM
Updated by:
 
Labels
Contributors