Hi All, This is resolved, i have configured block policy for categories streaming-media, unknown, proxy-avoidance and web-hosting. categories may change case by case basis, so need to change accordingly. If any of interested URL is coming under this categories create exception for them. Also attached spyware profile to the same policy having DNS sinkhole enabled. I created a SSL forward decryption policy and attached a default profile. It is mostly using unknown issuers and not a standard protocols which getting blocked as decrypt-error by PA. After above configuraiton, I observed it for 24 hours it is not working. So this may be useful for someone who want to block.
... View more