Follow Post-Deployment SSL Decryption Best Practices
End-of-Life (EoL)
SSL Decryption post-deployment best practices ensure
that decryption is functioning as expected and help you maintain
the deployment.
After you deploy decryption, confirm that everything
works as expected and take steps to keep it working
as expected:
Verify that decryption works as expected.
Measure firewall performance to ensure that it’s within
acceptable norms and so that you understand the effect of decryption
on performance.
If you want to decrypt more traffic than firewall resources
support, scale up so that you have enough resources to decrypt all
of the traffic you want to decrypt and secure your network.
Educate new employees as you hire them so that they understand
your decryption policy and won’t be surprised if they can’t reach
a particular site because it uses weak cipher suites.
Periodically review and update Decryption policies and profiles.
Use decryption troubleshooting tools such as the Application Command
Center’s SSL Activity widgets and the Decryption log
to monitor decryption traffic and solve decryption issues.
Use Palo Alto Networks documentation and other resources
to learn more about Decryption and to look up information:
The Palo Alto Networks Live community has a
Decryption Resource List of articles about
decryption configuration, setup, and administration.
To check up-to-date statistics on the percentages of different
ciphers and protocols in use on the 150,000 most popular sites in
the world, so you can see trends and understand how widespread worldwide
support is for more secure ciphers and protocols, visit the Qualys SSL
Labs SSL Pulse page.
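
One way to carry out the first step above, verifying that decryption works as expected, is to compare the certificate issuer that clients actually see with what the Decryption policy intends. This is an added example, not Palo Alto Networks code; it assumes decrypted sessions present a certificate issued by the firewall's signing CA, and the CA name, hostnames and certificate data are constructed placeholders.

```python
import socket
import ssl

def issuer_cn(cert):
    """Issuer common name from an ssl getpeercert() dict, or None."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def fetch_cert(host, port=443, timeout=5):
    """Live collection from a client behind the firewall (its CA must be trusted)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def audit(certs, expect_decrypted, signing_ca_cn):
    """Return {host: finding} where observed state differs from policy intent.
    certs: {host: getpeercert() dict}; expect_decrypted: {host: bool}."""
    findings = {}
    for host, should_decrypt in expect_decrypted.items():
        cert = certs.get(host)
        if not cert:
            findings[host] = "no certificate collected"
            continue
        decrypted = issuer_cn(cert) == signing_ca_cn
        if should_decrypt and not decrypted:
            findings[host] = "expected decryption, saw origin issuer"
        elif decrypted and not should_decrypt:
            findings[host] = "excluded by policy but decrypted"
    return findings

# Constructed sample data: CA name, hosts and issuers are placeholders.
SIGNING_CA = "Example Corp Decryption CA"
def _cert(issuer):
    return {"issuer": ((("commonName", issuer),),)}

SAMPLE_CERTS = {
    "news.example.com": _cert(SIGNING_CA),
    "app.example.org": _cert("Constructed Public CA"),
    "bank.example.net": _cert(SIGNING_CA),
}
SAMPLE_POLICY = {"news.example.com": True, "app.example.org": True,
                 "bank.example.net": False, "intranet.example.com": True}

if __name__ == "__main__":
    print(audit(SAMPLE_CERTS, SAMPLE_POLICY, SIGNING_CA))
```

To run it against live traffic, build the `certs` mapping with `fetch_cert` from a client whose traffic passes through the firewall, and set `expect_decrypted` from your own Decryption policy rules and exclusions.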