If an administrator does not possess a website's certificate, which SSL decryption mode will allow the Palo Alto Networks NGFW to inspect traffic when users browse to HTTP(S) websites?
If an administrator does not possess a website's certificate, which SSL decryption mode will allow the Palo Alto Networks NGFW to inspect traffic when users browse to HTTP(S) websites?
SSL Forward Proxy is the correct SSL decryption mode to use when an administrator does not possess the website's certificate, as it allows the Palo Alto Networks Next-Generation Firewall (NGFW) to inspect outbound SSL traffic. In this mode, the NGFW acts as an intermediary between the client and the external server, enabling the decryption and inspection of the traffic seen by users when they browse to HTTPS websites. This configuration permits the inspection of secure traffic without needing the actual server certificate.
its an outbound traffic so you will need SSL Forward proxy
SSL inbound inspection can be used if you possess a website's certificate, otherwise - only SSL Forward Proxy
Here, it's A
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClV8CAK
Answer: A
Answer: A
It's A. SSL Forward Proxy
"If an administrator does not possess a website's certificate, which SSL decryption mode will allow the Palo Alto Networks NGFW to INSPECT traffic when users browse to HTTP(S) websites?" Should that not be B? SSL Forward Proxy mode does not inspect the SSL traffic but Inbound Inspection Decryption Mode does!
I think the key here it says users, not external users. If it said external users, we would be looking at ssl inbound most likely.
I though like you, but it's not correct. Don't matter about "If an administrator ..... certificate". Only focus to the rest of the sentence "which SSL ..... websites?" You'll see the answer is evident.
no the answer is A. forward proxy. the direction is outbound not inbound.
Answer is A