Decryption Best Practices
This document is a streamlined checklist of pre-deployment, deployment, and post-deployment best practices that you can follow to implement decryption. Each section includes links to detailed information in the PAN-OS 8.0 Admin Guide, including how to configure Decryption policy rules and profiles.
Temporary rules in the best practice rulebase will catch any additional applications that may be in use on your network so that you are not inundated with complaints of broken applications during your transition to application-based policy.
You can detect and prevent in-progress phishing attacks, thereby preventing credential theft, by controlling sites to which users can submit corporate credentials based on the site’s URL category. This allows you to block users from submitting credentials to untrusted sites while allowing users to continue to submit credentials to corporate and sanctioned sites.