Cloud Managed
Focus
Focus
Advanced URL Filtering

Cloud Managed

Table of Contents


Cloud Managed

If you’re using Panorama to manage
Prisma Access
:
Toggle over to the
PAN-OS & Panorama
tab and follow the guidance there.
If you’re using
Strata Cloud Manager
, continue here.
A requirement of inspecting SSL handshakes is that you decrypt SSL/TLS traffic through either SSL Forward Proxy or SSL Inbound Inspection.
  1. Confirm that your
    Prisma Access
    license includes an Advanced URL Filtering subscription.
    1. Select
      Manage
      Service Setup
      Overview
      and click on the hyperlinked Quantity value. Information including Security Services appears.
    2. Under Security Services, confirm that a checkmark is next to URL Filtering.
  2. Verify that you decrypt SSL/TLS traffic through either SSL Forward Proxy or SSL Inbound Inspection.
  3. Enable inspection of SSL/TLS handshakes by CTD. By default, this option is disabled.
    1. Select
      Manage
      Configuration
      Security Services
      Decryption
      .
    2. By Decryption Settings, select the settings icon. Then, select
      Inspect TLS Handshake Messages
      .
      Alternatively, you can use the
      set deviceconfig setting ssl-decrypt scan-handshake
      <yes|no>
      CLI command.
    3. Save
      your changes. Under Decryption Settings, the Inspect TLS handshake message setting should say Enabled.
  4. Push Config
    to save and commit your changes.


Recommended For You