Why does traffic log display decrypted traffic when no decryption policy is configured?

Created On 12/31/19 02:55 AM - Last Modified 11/11/20 23:41 PM


Question


Why does traffic log display decrypted traffic when no decryption policy is configured?

Environment


  • Any PAN-OS
  • Any Palo Alto Firewall


Answer


Traffic appears as decrypted in the traffic log, even though no decryption policy is configured, under the following conditions:
  1. When the response page is configured to block an SSL URL, this traffic is decrypted by default, and this is seen in the monitor log.
  2. When GlobalProtect is configured, the connection to the Portal is decrypted by default, and this is seen in the monitor log.

