In non decrypted tls 1.3 traffic, how is the firewall in 10.0 seeing the URL that a user requests and how is it enforcing that category? I've read that tls1.3 encrypts the SNI field, which from my understanding, is the primary way the palo firewalls read and implement URL categories on non-decrypted traffic. If we don't decrypt on certain traffic (ex. financial), and that traffic is tls1.3, how is the firewall seeing a destination, other than an IP address, and how is it trying to utilize what it sees to a URL category? I've read below, but still a bit foggy on this, as would this break URL categories period for non-decrypted traffic? https://live.paloaltonetworks.com/t5/general-topics/url-filtering-tls-1-3-website/m-p/244821#M69839
... View more