08-16-2011 06:59 AM
In my configuration I have neither SSL Decryption implemented nor URL Filtering. I only have 1 policy: "trust to untrst accept all" in Vwire. PANOS 4.0.2
If, from my PC behind the PAN device, I try to go to: _https://www.facebook.com_
PAN device shows me the app facebook-base in the Traffic Logs.
If I put a block policy for all facebook traffic and try to go to _https://www.facebook.com_
PAN device blocks my connection and I see the facebook-base app blocked in my Traffic Logs.
I analyzed my traffic with Wireshark and the only things I see are:
- DNS Request for facebook.com
- TLSv1 Negotiation phase
- Change Cipher Spec exchange
- Application phase (where the application layer takes place) with the Application Data Protocol (HTTP) encrypted.
Everything is encrypted, there is no HTTP GET in clear, no URL visible (obviously the URLs are encrypted).
So, the question is: how is it possible that the PAN device sees Facebook traffic in an HTTPS (TLSv1) connection?
Then, when do I need to implement SSL Decryption? Only if I want "safe enablement"?
Thanks. Maybe I have been missing something.