08-29-2015 02:25 PM - edited 08-29-2015 02:27 PM
Yesterday i upgraded my pa vm-100 from panos-7.01 to 7.02.
After that facebook stopped working with SSL decryption on.
After some testing and troubleshooting this seems to be the problem.
The problem is that some akamai domains that facebook uses gives me an palo alto certificate untrusted page.
for example this domain: https://fbcdn-profile-a.akamaihd.net
The strange thing is all the certificates used by this domain are already in de PA trusted cert auth list.
Just to be sure i downloaded the certs and added them manually to the PA, but no difference.
After spending 2 hours debugging en trying to get it work,
off course i can exclude those domains from decryption or or let the PA ingnore untrusted certs but thats not the way to do it. i downgraded to panos 7.0.1 and the untrusted cert problem dissapeared.
Are more people having this issue? i think there are more sites that stop working after the upgrade.
Does anyone found a solution?
