3.) Each application will behave differently if it is incompatible with SSL decryption. Some applications will complain about mismatching SSL certificates, while other applications will fail without providing a reason or even notifications. Your users will complain that things don't work, but it's highly likely that they'll be able to give you enough information to determine whether or not SSL decryption is the culprit.

The firewall logs are your first line of defense regarding SSL-related failures. After that you're looking at packet captures. If you don't want to/are unable to log in to the firewall or to Panorama to investigate, then the only other way to view the logs that will tell you if you're experiencing decryption-related issues will be through the use of log-forwarding.

In your case, where you're interested in a subset of logs with indicators that may point to SSL decryption issues, you'll want to look at the "filtered log-forwarding" feature. Once you filter for the "interesting" logs, the firewall can then forward those logs to a specific destination, be it syslog servers, e-mail addresses, SNMP trap receivers, or any SaaS-based communications/logging platform that accepts HTTPS/SSL-based API calls (such as Slack), etc.

So, which logs are "interesting"? All traffic logs include a session-end reason. Some of those reasons clearly point to a decryption-related issue:

- decrypt-cert-validation
- decrypt-unsupport-param
- decrypt-error

Some are a little more cryptic:

- resources-unavailable (if your decryption profile has a failure check that blocks sessions if resources are unavailable)

Unfortunately, these other two reasons can (but do not always) indicate decryption-related issues:

- tcp-rst-from-client (more likely in my experience)
- tcp-rst-from-server (less likely)

One of those log-forwarding destinations could be the Palo Alto Networks' Logging Service, which would ultimately allow you to access that data via the Application Framework. You (or your VAR, or an enterprising individual) could write an application that lives inside the framework and takes action when certain conditions are met.
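An added example, not part of the original post: a small Python triage script for the receiving end of the log forwarding described above, grouping forwarded traffic logs by the session-end reasons listed in the post. The key=value line layout, the field names and the sample lines are assumptions constructed for illustration, not the native PAN-OS syslog format.

```python
import re
from collections import Counter

# Session-end reasons named in the post, grouped by how strongly they
# point at SSL decryption.
DEFINITE = {"decrypt-cert-validation", "decrypt-unsupport-param", "decrypt-error"}
CONDITIONAL = {"resources-unavailable"}  # only if the decryption profile blocks on it
AMBIGUOUS = {"tcp-rst-from-client", "tcp-rst-from-server"}  # can, but do not always, apply

# Constructed sample lines in an assumed key=value layout.
SAMPLE = """\
src=10.1.1.20 dst=203.0.113.10 app=ssl session_end_reason=decrypt-cert-validation
src=10.1.1.21 dst=203.0.113.10 app=ssl session_end_reason=decrypt-cert-validation
src=10.1.1.20 dst=198.51.100.7 app=ssl session_end_reason=tcp-rst-from-client
src=10.1.1.22 dst=198.51.100.7 app=ssl session_end_reason=tcp-fin
src=10.1.1.23 dst=192.0.2.44 app=ssl session_end_reason=resources-unavailable
src=10.1.1.24 dst=192.0.2.80 app=web-browsing session_end_reason=aged-out
malformed line without fields
""".splitlines()

FIELD = re.compile(r"(\w+)=(\S+)")
RANK = {"definite": 0, "conditional": 1, "ambiguous": 2}

def classify(reason):
    """Map a session-end reason to a confidence label, or None if uninteresting."""
    if reason in DEFINITE:
        return "definite"
    if reason in CONDITIONAL:
        return "conditional"
    if reason in AMBIGUOUS:
        return "ambiguous"
    return None

def triage(lines):
    """Count interesting sessions per (destination, reason, confidence)."""
    hits = Counter()
    for line in lines:
        rec = dict(FIELD.findall(line))  # malformed lines yield an empty dict
        confidence = classify(rec.get("session_end_reason"))
        if confidence and "dst" in rec:
            hits[(rec["dst"], rec["session_end_reason"], confidence)] += 1
    return hits

def report(hits):
    """Sort strongest indicators first, then by count, then by destination."""
    return sorted(hits.items(), key=lambda kv: (RANK[kv[0][2]], -kv[1], kv[0][0]))

if __name__ == "__main__":
    for (dst, reason, confidence), count in report(triage(SAMPLE)):
        print(f"{confidence:<12}{dst:<16}{reason:<26}{count}")
```

Sorting the ambiguous reset reasons last keeps them visible for correlation with packet captures without letting them drown out the reasons that clearly point at decryption.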