This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About LeonardoMachado
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About LeonardoMachado
11-14-2022
7Posts
1Like
1Solution
Nov 14, 2022Last Visited
User
Activity
User
Profile
Latest posts by LeonardoMachado
| Subject | Views | Posted |
|---|---|---|
| 1342 | 07-12-2022 02:52 PM | |
| 1327 | 07-12-2022 07:15 AM | |
| 1399 | 07-08-2022 05:55 AM | |
| 1499 | 07-06-2022 06:36 AM | |
| 1234 | 03-15-2021 11:06 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 07-08-2022 05:55 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 Like | |||
| 1 Like |
User Badges
Community Statistics
| Member Since | 07-12-2020 08:21 AM |
| Date Last Visited | 11-14-2022 08:43 AM |
| Posts | 7 |
| Total Likes Received | 1 |
07-12-2022
02:52 PM
The solution is quite easy: Decryption Policy accepts URL Category. I have created a custom category with my URL and voilà!! No application needed.
THnks!
... View more
07-12-2022
07:15 AM
This solution to segregate the inbound traffic using a custom application based on do SNI field of the TSL Client Hello cannot be configured.
The Decryption Policy configuration window does not have the Application tab which would allow me to specify only the newly created application to be decrypted. I wonder why PA does not allow decryption policies to be further limited to specific inbound applications.
... View more
07-08-2022
05:55 AM
1 Kudo
I'll try to use the SNI field from the TSL Hello Package to create a new application. Then, I will use this new "application" to differentiate traffic and create a specific decrypt policy.
I'll let you know if it works.
Thank you.
... View more
07-06-2022
06:36 AM
Dear Community, I need to configure ssl inboud inspection in a scenario with 5 web services running behind a reverse proxy. The flow of traffic is as follow: Internet (same_public_ip) =>> PA ==(nat)=>> Reverse Proxy =>> Web Services Since PA will not be able to peek into the sll traffic to grasp which one is the aimed internal service to apply the right certificate (and open the traffic), I guess that in this scenario I would have only two choices: 1) Attribute one public ip for each single internal services (and NAT them back into the same reverse proxy) 2) Remove reverse proxy (since PA would be much more efficient on analyzing the traffic than our reverse proxy) Am I right on these considerations? Any help would be appreciated. Thank you.
... View more
03-15-2021
11:06 AM
We've been trying to redirect the decrypted port mirror traffic to a remote sever in the network. If we plug a notebook into the decrytp port mirror of Palo Alto, we see all the decrypted traffic in Wireshark. So, we tried to connect PA port into a switch and use Cisco RSPAN to send the traffic to our remote Server. It just doesn't work. I may be failing on basic concepts here. Can anyone help me by saying how to make it work or, if so, why it should never work like this? Thank you. PA[decryp.port.mirror] --> Notebook: OK PA[decryp.port.mirror] --> SW1..n[RSPAN] --> Server: Not OK! Thank you.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
11-14-2022
08:43 AM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks