Palo Alto Networks Knowledgebase: SSL Decryption behavior with Application Override

SSL Decryption behavior with Application Override

1616
Created On 02/08/19 00:05 AM - Last Updated 02/08/19 00:05 AM
Decryption
Resolution

Overview

Consider the following custom application and application override rule.  We have configured a custom application for TCP ports 80 and 443.  Application override is happening for traffic to port 80,443 from DMZ to L3-Untrust.

 

Custom-App1.png

 

Custom-App2.png

 

App-Override rule.png

Consider the following decryption rule: Here we are decrypting all traffic coming from DMZ going to L3-Untrust.

 

Decryption Rule.png

 

If you try to access some https website you will find that the traffic is not being decrypted because of the application override, even if you are doing decryption for everything.  

 

When application override is configured, the Palo Alto Networks firewall stops processing at Layer 4.

 



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CleuCAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language