Prisma Access

If you’re using Panorama to manage Prisma Access: Toggle over to the PAN-OS tab and follow the guidance there.
If you’re using Prisma Access Cloud Management, continue here.
To inspect SSL/TLS handshakes, you must decrypt SSL/TLS traffic through either SSL Forward Proxy or SSL Inbound Inspection decryption.
  1. Confirm that your Prisma Access license includes an Advanced URL Filtering subscription.
    1. Select Manage > Service Setup > Overview and click on the hyperlinked Quantity value. Information including Security Services appears.
    2. Under Security Services, confirm that a checkmark is next to URL Filtering.
  2. Verify that you decrypt SSL/TLS traffic through either SSL Forward Proxy or SSL Inbound Inspection.
  3. Enable inspection of SSL/TLS handshakes by CTD. By default, this option is disabled.
    1. Select Manage > Configuration > Security Services > Decryption.
    2. By Decryption Settings, select the settings icon. Then, select Inspect TLS Handshake Messages.
      Alternatively, you can use the set deviceconfig setting ssl-decrypt scan-handshake <yes|no> CLI command.
    3. Save your changes. Under Decryption Settings, the Inspect TLS handshake message setting should say Enabled.
  4. Push Config to save and commit your changes.
