>
    Inspect SSL/TLS Handshakes (Strata Cloud Manager)
    Focus
    Download PDF
    Focus
    1. Home
    2. Advanced URL Filtering
    3. URL Filtering Features
    4. Inspect SSL/TLS Handshakes
    5. Inspect SSL/TLS Handshakes (Strata Cloud Manager)
    Download PDF
    Advanced URL Filtering

    Cloud Managed

    Table of Contents

    Inspect SSL/TLS Handshakes (
    Strata Cloud Manager
    )

    If you’re using Panorama to manage
    Prisma Access
    :
    Toggle over to the
    PAN-OS & Panorama
     tab and follow the guidance there.
    If you’re using
    Strata Cloud Manager
    , continue here.
    A requirement of inspecting SSL handshakes is that you decrypt SSL/TLS traffic through either SSL Forward Proxy or SSL Inbound Inspection.
    1. Confirm that your
      Prisma Access
       license includes an Advanced URL Filtering subscription.
      1. Select
        Manage
        Service Setup
        Overview
         and click on the hyperlinked Quantity value. Information including Security Services appears.
      2. Under Security Services, confirm that a checkmark is next to URL Filtering.
    2. Verify that you decrypt SSL/TLS traffic through either SSL Forward Proxy or SSL Inbound Inspection.
    3. Enable inspection of SSL/TLS handshakes by CTD. By default, this option is disabled.
      1. Select
        Manage
        Configuration
        Security Services
        Decryption
        .
      2. By Decryption Settings, select the settings icon. Then, select
        Inspect TLS Handshake Messages
        .
        Alternatively, you can use the
        set deviceconfig setting ssl-decrypt scan-handshake
        <yes|no>
         CLI command.
      3. Save
         your changes. Under Decryption Settings, the Inspect TLS handshake message setting should say Enabled.
    4. Push Config
       to save and commit your changes.

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.