FTPS data session is not decrypted

Created On 06/23/22 14:14 PM - Last Modified 04/06/24 00:30 AM


Symptom


  • Decryption is configured
  • FTPS traffic passing through the firewall
  • The control channel is seen as decrypted, but the data session is not decrypted


Environment


  • Palo Alto Firewall
  • Supported PAN-OS version
  • Decryption


Cause


  • The ftp-data decoder checks whether the ftp-data session is SSL. If it is, the decoder switches to SSL, which is required for the decryption policy lookup and decryption logic to start.
  • The decoder will only run if there are security profiles attached to the security rule.
  • If there are no security profiles, then there is no need to run the decoder as the firewall has not been configured to inspect the content.


Resolution


Configure Security Profiles such as URL Filtering, Antivirus, or File Blocking on the security rule.
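
One way to find rules affected by this cause, as an added example (not Palo Alto Networks code): the script scans a security rulebase in PAN-OS XML configuration form for allow rules that can match FTP and have no Security Profile or profile group attached. The sample rulebase, the rule names, and the choice to treat application `any` as matching FTP are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed security rulebase in PAN-OS XML config layout.
SAMPLE_CONFIG = """
<rulebase><security><rules>
  <entry name="ftps-no-profiles">
    <application><member>ftp</member></application><action>allow</action>
  </entry>
  <entry name="ftps-file-blocking">
    <application><member>ftp</member></application><action>allow</action>
    <profile-setting><profiles><file-blocking><member>basic file blocking</member></file-blocking></profiles></profile-setting>
  </entry>
  <entry name="any-app-profile-group">
    <application><member>any</member></application><action>allow</action>
    <profile-setting><group><member>default-group</member></group></profile-setting>
  </entry>
  <entry name="any-app-empty-profiles">
    <application><member>any</member></application><action>allow</action>
    <profile-setting><profiles/></profile-setting>
  </entry>
  <entry name="ftp-deny">
    <application><member>ftp</member></application><action>deny</action>
  </entry>
</rules></security></rulebase>
"""

def has_security_profiles(rule):
    """True if the rule references at least one profile or a profile group."""
    setting = rule.find("profile-setting")
    # Any non-empty <member> under <profiles>/* or <group> counts as attached.
    return setting is not None and any((m.text or "").strip() for m in setting.iter("member"))

def rules_missing_profiles(config_xml, apps=("ftp", "any")):
    """Names of allow rules that can match FTP but carry no security profiles."""
    flagged = []
    for rule in ET.fromstring(config_xml).findall(".//security/rules/entry"):
        if rule.findtext("action") != "allow":
            continue  # only allowed sessions can reach the decoder and decryption
        rule_apps = {m.text for m in rule.findall("application/member")}
        if rule_apps & set(apps) and not has_security_profiles(rule):
            flagged.append(rule.get("name"))
    return flagged

if __name__ == "__main__":
    print(rules_missing_profiles(SAMPLE_CONFIG))
```

An empty `<profiles/>` element is reported the same way as a missing `profile-setting`, since neither attaches a profile to the rule.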
