How to Forward Decrypted SSL Traffic for WildFire Analysis for Prisma Access Firewalls
Created On 06/02/20 17:55 PM - Last Modified 08/23/24 06:35 AM
Symptom
- The "Allow Forwarding of Decrypted Content" setting is missing under GUI: Device > Setup > Content-ID > Content-ID Settings on Panorama for the Prisma Access pre-defined read-only templates, such as Mobile_User_Template and Remote_Network_Template.
- This prevents decrypted SSL traffic from being forwarded from Prisma Access cloud firewalls for WildFire analysis.
Environment
Any Prisma Access firewalls managed by Panorama.
Cause
For WildFire to analyze traffic that you are decrypting, the "Allow forwarding of decrypted content" box must be checked.
This checkbox is not present in Panorama if Panorama is set to Multi VSYS mode (Device > Mode drop-down), which is the default setting.
Resolution
To resolve the issue, disable the Multi VSYS check-box under GUI: Device > Mode. The "Allow forwarding of decrypted content" setting should then appear on Panorama for the Prisma Access templates.
Now, you can enable the option and commit the changes to the Prisma Access firewall.
Additional Information
Configuration steps are listed in "Forward Decrypted SSL Traffic for WildFire Analysis".