Follow Post-Deployment SSL Decryption Best Practices
Expand all | Collapse all
Follow Post-Deployment SSL Decryption Best Practices
SSL Decryption post-deployment best practices ensure
that decryption is functioning as expected and help you maintain
the deployment.
After you deploy decryption, ensure that everything
is working as expected and take steps to ensure that it keeps working
as expected.
Verify that decryption works as expected.
Measure firewall performance to ensure that it’s within
acceptable norms and so that you understand the effect of decryption
on performance.
If you want to decrypt more traffic than your firewall
resources support, the best practice is to scale up the resources
so that you have enough to decrypt everything you want to decrypt
and secure the network.
Educate new employees as you hire them so that they understand
your decryption policy and won’t be surprised.
Periodically review, and if necessary, update Decryption
policies and profiles.
Use Palo Alto Networks documentation and other resources
to learn more about Decryption and to look up information:
Palo Alto Networks Live community has a
Decryption Resource List of articles about
decryption configuration, setup, and administration.
To check up-to-date statistics on the percentages of different
ciphers and protocols in use on the 150,000 most popular sites in
the world so you can see trends and understand how widespread worldwide
support is for more secure ciphers and protocols, visit Qualys SSL
Labs
SSL
Pulse page.