Monday, December 21, 2020

Palo Alto SSL Decryption Question

Hi All,

I'm looking to subject SSL traffic to my security profiles, but to do this, I believe I am understanding that for inbound traffic from the outside, you need to import the same certificate and key from each of your protected servers on the inside network into the Palo Alto. Is that true? If so, why? I don't really understand why the Palo can't use any cert, including a self-generated one, to decrypt traffic coming in from the outside, then subject it to the security profiles, and drop it if it's malicious. Why does it have to be the same cert the internal servers have?


