Home
EN
Location
Documentation Home
Palo Alto Networks
Support
Live Community
Knowledge Base
>
Clear
Inspect SSL/TLS Handshakes (Strata Cloud Manager)
Updated on
Thu Apr 18 18:27:45 UTC 2024
Focus
Download PDF
Updated on
Thu Apr 18 18:27:45 UTC 2024
Focus
Home
Advanced URL Filtering
URL Filtering Features
Inspect SSL/TLS Handshakes
Inspect SSL/TLS Handshakes (Strata Cloud Manager)
Download PDF
Advanced URL Filtering
Cloud Managed
Table of Contents
Filter
Expand All
|
Collapse All
Advanced URL Filtering
Administration
Inspect SSL/TLS Handshakes (
Strata Cloud Manager
)
If you’re using Panorama to manage
Prisma Access
:
Toggle over to the
PAN-OS & Panorama
tab and follow the guidance there.
If you’re using
Strata Cloud Manager
, continue here.
A requirement of inspecting SSL handshakes is that you decrypt SSL/TLS traffic through either SSL Forward Proxy or SSL Inbound Inspection.
Confirm that your
Prisma Access
license includes an Advanced URL Filtering subscription.
Select
Manage
Service Setup
Overview
and click on the hyperlinked Quantity value. Information including Security Services appears.
Under Security Services, confirm that a checkmark is next to URL Filtering.
Verify that you decrypt SSL/TLS traffic through either
SSL Forward Proxy
or
SSL Inbound Inspection
.
Enable inspection of SSL/TLS handshakes by CTD. By default, this option is disabled.
Select
Manage
Configuration
Security Services
Decryption
.
By Decryption Settings, select the settings icon. Then, select
Inspect TLS Handshake Messages
.
Alternatively, you can use the
set deviceconfig setting ssl-decrypt scan-handshake
<yes|no>
CLI command.
Save
your changes. Under Decryption Settings, the Inspect TLS handshake message setting should say Enabled.
Push Config
to save and commit your changes.
Recommended For You