Showing results for 
Show  only  | Search instead for 
Did you mean: 

Who Me Too'd this topic

SSL DERYPTION : How to automate URL/domaine decryption Exclusion properly?

L0 Member

Use case : Ours users go through Palo alto for internet access. Decryption feaures has been enabled.
When users try to access to internet may failed because the decryption-error.
We need a solution to automate URL SSL decryption exclusion and log urls excluded for review. Perfectly in a dynamics external list or in a custom url category. Theses dynamics objects will be in a no-decript rule.


How can i achieve it ?

Several mai cause errors : Server-error, client-error mainly aout handshake negotiation.
Existing solution :
- Use a feature in the decyption policies to bypass decryptio for decryption errors. However the decryption exclusion happen if only the server answer with a handshake errors, in the others hand we dont have a great visibility on these url exclusion for decryption.
- Use a log forwarding feaure to automate IP decryption and fill the IPs in a dynamics objects. This is not correct because we want to exclude URL and not IP of the server or the hosts.

Who Me Too'd this topic