Palo Alto Networks Knowledgebase: List of Domains and Applications Excluded from SSL Decryption

List of Domains and Applications Excluded from SSL Decryption

(2811 Views)
Created On 09/25/18 17:19 PM - Last Updated 09/25/18 23:10 PM
Categories:  Policy

Issue:


Solution:


Domains

There are a number of Domains/SSL Certificates that are excluded from SSL Decryption. 

 

Starting with PAN-OS 8.0 and newer, the SSL exclusion is handled inside of the Certificates section of the WebUI. 

To see the full list of domains/SSL certificates that are excluded from SSL Dectyption, Inside of the WebGUI > Device > Certificate Management > SSL Decryption Exclusion.

2018-07-20_ssl-cert-exlusion.png

 

The domains selected with the "Exclude from decryption" in this location will not be decrypted by the Palo Alto Networks device.


This list of domains are added the SSL Decryption Exclusion list in each Content load so that the SSL engine will allow them to pass through, rather than trying to decrypt them.

 

Applications

In PAN-OS 7.1 and older, applications were used instead of domains.

 

These applications are added to an exclude list in each Content load so that the SSL engine will allow them to pass through, rather than trying to decrypt them.

#
Application
1adobe-echosign
2aerofs
3aim
4airdroid
5amazon-aws-console
6anydesk
7appguru
8apple-game-center
9apple-push-notifications
10asana
11authentic8-silo
12bluejeans
13cryptocat
14daum-mypeople
15discord
16dnf
17efolder
18evault
19filesanywhere
20finch
21google-plus-posting
22gotoassist
23gotomeeting
24gotomypc
25hbo
26hp-virtual-rooms
27icloud
28informatica-cloud
29itunes
30itunes-appstore
31itunes-mediastore
32itwin
33jungledisk
34kakaotalk
35kakaotalk-audio-chat
36kakaotalk-file-transfer
37lantern
38linkedin
39live-mesh
40logentries
41logmein
42logmeinrescue
43meerkat
44megachat
45metatrader
46minecraft
47ms-lync-online
48ms-product-activation
49ms-spynet
50ms-update
51naver-line
52norton-zone
53ntr-support
54odrive
55office-on-demand
56okta
57onepagecrm
58onlive
59opera-vpn
60packetix-vpn
61paloalto-wildfire-cloud
62pando
63pathview
64periscope
65proofhq
66puffin
67rift
68second-life
69signal
70silent-circle
71simplify
72sophos-rms
73springcm
74sugarsync
75telex
76tigertext
77ubuntu-one
78ultrasurf
79vagrant
80via3
81vmware-view
82vudu
83wallcooler-vpn
84webroot-secureanywhere
85wetransfer
86whatsapp
87winamax
88wiredrive
89yunpan360-file-transfer
90yuuguu
91zoom
92zumodrive

Attachments:

Actions:
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClEzCAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Change Language: