This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About tombarat
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About tombarat
08-14-2018
3Posts
0Likes
0Solutions
Aug 14, 2018Last Visited
User
Activity
User
Profile
Latest posts by tombarat
| Subject | Views | Posted |
|---|---|---|
| 1719 | 07-05-2018 07:20 AM | |
| 1739 | 07-04-2018 08:13 AM | |
| 1752 | 07-03-2018 08:30 AM |
User Badges
Community Statistics
| Member Since | 07-03-2018 04:19 AM |
| Date Last Visited | 08-14-2018 09:52 AM |
| Posts | 3 |
07-05-2018
07:20 AM
Hi, I set the decryption profile to default for my inbound ssl decryption policy. Now the traffic is still logged as ssl over port 443, but the decryption flag is down and the session end reason is n/a. The document you provided was the one i used to make the configuration in the first place, the only step not implemented being the wildfire analysis because i don't need it right now and i want to enable features progressively. As for the certificate chain considerations, i am working in a lab environment so my webserver's certificate is self-signed and generated using openssl. It shows in the panorama management console as a CA and trusted root certificate, the status is valid. Thank you again for your help.
... View more
07-04-2018
08:13 AM
Hello, I tried using the default decryption profile, and i also tried with no decryption profile ( i was under the impression that this would lead the firewall to accept all SSL versions and ciphers). After a reboot of the firewall, i no longer get unsupported versions/ciphers error messages, but the firewall systematically resets both client and server before the end of the handshake, leading to a "secure connection failed " error page. Another info that might be useful is that the firewall logs the session as Application ssl over port 443 with the decrypted flag raised. Thank you in advance for any insight.
... View more
07-03-2018
08:30 AM
Hi, i have a very strange issue. I have a webserver protected by a palo alto NGFW, if i disable inbound ssl inspection policies everything works fine and i can access the server as intended. However when i enable the inbound ssl inspection policy, with the proper certificates imported in the NGFW, i always get SSL version/ Cipher suites errors ( the error nmessage varies depending on the browser i use). I did not configure my browser ( nor the webserver) to enforce specfic algorithms. The webserver runs on apache. I use self signed root CA and self-signed certificate for the webserver. Thank you for your help
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
08-14-2018
09:52 AM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks