Forward Decrypted SSL Traffic for Advanced WildFire Analysis
Focus
Focus
Advanced WildFire

Forward Decrypted SSL Traffic for Advanced WildFire Analysis

Table of Contents

Forward Decrypted SSL Traffic for Advanced WildFire Analysis

Where Can I Use This?
What Do I Need?
  • Prisma Access (Managed by Strata Cloud Manager)
  • Prisma Access (Managed by Panorama)
  • NGFW (Managed by Strata Cloud Manager)
  • NGFW (Managed by PAN-OS or Panorama)
  • VM-Series
  • CN-Series
  • Advanced WildFire License
    For
    Prisma Access
    , this is usually included with your
    Prisma Access
    license.
Enable the firewall to forward decrypted SSL traffic for Advanced WildFire analysis. Traffic that the firewall decrypts is evaluated against security policy rules; if it matches the WildFire analysis profile attached to the security rule, the decrypted traffic is forwarded for analysis before the firewall re-encrypts it. Only a super user can enable this option.
Forwarding decrypted SSL traffic for analysis is a Advanced WildFire Best Practices.
  • On a firewall that does not have multiple virtual systems enabled:
    1. If you have not already, enable the firewall to perform decryption and Forward Files for Advanced WildFire Analysis.
    2. Select
      Device
      Setup
      Content-ID
      .
    3. Edit the Content-ID settings and
      Allow Forwarding of Decrypted Content
      .
    4. Click
      OK
      to save the changes.
  • On a firewall with virtual systems enabled:
    1. If you have not already, enable decryption and Forward Files for Advanced WildFire Analysis.
    2. Select
      Device
      Virtual Systems
      , click the virtual system you want to modify, and
      Allow Forwarding of Decrypted Content
      .
  • For
    Prisma Access
    , this is configured as part of your
    WildFire and Antivirus
    security profile settings. For more information, refer to Forward Files for Advanced WildFire Analysis for
    Prisma Access
    .

Recommended For You