Ongoing Configuration and Infrastructure Deployment - SSL Decryption Operational Guide
SSL today makes up 30 to 40% of all outbound web browsing traffic in the enterprise. To protect a company’s resources, it is critical to apply application and threat policy to all traffic, including encrypted traffic. SSL decryption provides the visibility to this encrypted traffic so that security policy can be consistently applied to all traffic passing through the firewall.
A key element for a smooth deployment of SSL decryption is due diligence up front. Some of the more complex elements of deploying decryption are in the preparation required for the Palo Alto Networks devices to be able to decrypt traffic. This can include certificate planning and deployment, understanding the impact of SSL decryption to the existing environment, and ensuring that any limitations currently inherent to decryption deployment are acceptable to client requirements.
This activity defines methodologies that have proven successful in past deployments of SSL decryption of production networks. It is not intended to describe the feature in depth or duplicate available product documentation, but rather to share the lessons learned of previous experiences in planning and deploying SSL decryption. The ultimate goal is to make the deployment of such policies as non-intrusive and effective as possible.