When planning to configure SSL Forward Proxy on a PA-5260, a user asks how SSL decryption can be implemented using a phased approach in alignment with
Palo Alto Networks best practices. What should you recommend?
Palo Alto Networks best practices on implementing SSL decryption using a phased approach recommend initially targeting traffic categories that are considered high-risk or known to harbor malicious activity. This strategy minimizes the impact on users and allows administrators to gain experience before expanding SSL decryption to more traffic. Therefore, enabling SSL decryption for source users and known malicious URL categories aligns with this phased approach.
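The phased rollout described above, modelled as an added example (not Palo Alto Networks code or configuration, and not part of the original page). It treats decryption rules as a top-down, first-match list and shows how the set of decrypted sessions grows per phase. The group names, category names, the exemption rule and phases 2 and 3 are constructed assumptions for illustration.

```python
from dataclasses import dataclass

ANY = frozenset({"any"})

@dataclass(frozen=True)
class Rule:
    name: str
    groups: frozenset      # source user groups, or ANY
    categories: frozenset  # URL categories, or ANY
    action: str            # "decrypt" or "no-decrypt"

def _hit(field, value):
    return field == ANY or value in field

def evaluate(rules, group, category):
    """Top-down, first match wins; unmatched traffic stays encrypted."""
    for r in rules:
        if _hit(r.groups, group) and _hit(r.categories, category):
            return r.action, r.name
    return "no-decrypt", "default"

# Constructed sample values (assumptions, not taken from a real firewall).
RISKY = frozenset({"high-risk", "malware", "gaming"})
EXEMPT = Rule("exempt-sensitive", ANY,
              frozenset({"financial-services", "health-and-medicine"}),
              "no-decrypt")
PHASES = {
    # Phase 1: pilot user group, riskiest categories only.
    1: [EXEMPT, Rule("pilot-risky", frozenset({"it-pilot"}), RISKY, "decrypt")],
    # Phase 2: same categories, all users.
    2: [EXEMPT, Rule("all-users-risky", ANY, RISKY, "decrypt")],
    # Phase 3: everything except the exempt categories.
    3: [EXEMPT, Rule("all-users-all", ANY, ANY, "decrypt")],
}

# Constructed sessions: (source user group, URL category).
SESSIONS = [("it-pilot", "malware"), ("it-pilot", "news"),
            ("sales", "high-risk"), ("sales", "financial-services"),
            ("it-pilot", "health-and-medicine")]

def coverage(phase):
    """Sessions from SESSIONS that would be decrypted in the given phase."""
    return [s for s in SESSIONS if evaluate(PHASES[phase], *s)[0] == "decrypt"]

if __name__ == "__main__":
    for phase in PHASES:
        print(f"phase {phase}: {coverage(phase)}")
```

Keeping the exemption rule first in every phase means widening the decrypt rule later never pulls the exempt categories into scope.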
Agree C "Phase in decryption. Plan to decrypt the riskiest traffic first (URL Categories most likely to harbor malicious traffic, such as gaming or high-risk) and then decrypt more as you gain experience." https://docs.paloaltonetworks.com/best-practices/9-1/decryption-best-practices/decryption-best-practices/plan-ssl-decryption-best-practice-deployment https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClEZCA0
C - seems to be correct, as the phased approach talks about URL categories. (Financial services & Health-and-medicine) are oftentimes not allowed by law to be decrypted. Also, it talks about minimizing the impact for end users. So enabling a rule for some user groups and only for specific and malicious URL categories seems to be by far the most correct choice here.
https://docs.paloaltonetworks.com/best-practices/10-2/decryption-best-practices/decryption-best-practices/plan-ssl-decryption-best-practice-deployment
The options are a bit confusing but daddy of security explains it well in the comments
C Basically choose a control group of users and decrypt to known malicious URLs
C phased starting with specific URL categories