>
    Strata Copilot
    Inspect SSL/TLS Handshakes (Strata Cloud Manager)
    Focus
    Download PDF
    Focus
    1. Home
    2. Advanced URL Filtering
    3. URL Filtering Features
    4. Inspect SSL/TLS Handshakes
    5. Inspect SSL/TLS Handshakes (Strata Cloud Manager)
    Download PDF
    Advanced URL Filtering

    Inspect SSL/TLS Handshakes (Strata Cloud Manager)

    Table of Contents

    Inspect SSL/TLS Handshakes (Strata Cloud Manager)

    If you’re using Panorama to manage Prisma Access:
    Toggle over to the PAN-OS & Panorama tab and follow the guidance there.
    If you’re using Strata Cloud Manager, continue here.
    A requirement of inspecting SSL handshakes is that you decrypt SSL/TLS traffic through either SSL Forward Proxy or SSL Inbound Inspection.
    1. Check that your Prisma Access subscription covers Advanced URL Filtering.
    2. Verify that you decrypt SSL/TLS traffic through either SSL Forward Proxy or SSL Inbound Inspection.
    3. Enable inspection of SSL/TLS handshakes by CTD. By default, this option is disabled.
      1. Select Configuration NGFW and Prisma AccessSecurity ServicesDecryption.
      2. By Decryption Settings, select the settings icon. Then, select Inspect TLS Handshake Messages.
        Alternatively, you can use the set deviceconfig setting ssl-decrypt scan-handshake <yes|no> CLI command.
      3. Save your changes. Under Decryption Settings, the Inspect TLS handshake message setting should say Enabled.
    4. Push Config to save and commit your changes.

    © 2025 Palo Alto Networks, Inc. All rights reserved.