30 07, 2020

Fixing SSL Decryption Issues in Palo Alto PAN-OS 10

Palo Alto Networks recently introduced PAN-OS 10 and added some pretty nifty features, but the one that perhaps excites me the most is the improved SSL decryption troubleshooting. Any system or network administrator who has provisioned SSL decryption on any firewall knows that they'll be spending the next few days (weeks/months?) fixing web pages that don't load properly, applications that don't connect, SaaS logins that no longer work, etc. It's a headache. The solution to all this is to find the SNI (Server Name Indication) of the certificate being used by the application and exclude it from your firewall's SSL decryption feature. Before PAN-OS v10, this was easier said than done on Palo Alto firewalls. So it is with open arms that I welcome the new Decryption Failure Reasons widget in PAN-OS 10.

