>
    Unsupported Parameters by Proxy Type and TLS Version
    Focus
    Download PDF
    Focus
    1. Home
    2. PAN-OS
    3. Decryption
    4. Troubleshoot and Monitor Decryption
    5. Unsupported Parameters by Proxy Type and TLS Version
    Download PDF

    Unsupported Parameters by Proxy Type and TLS Version

    Table of Contents

    Unsupported Parameters by Proxy Type and TLS Version

    Decryption sessions are based on various parameters; the firewall does not support all parameters for all proxy types.
    Decryption Log fields display decryption session parameters for each decryption proxy type. However, for reasons such as version support, encrypted portions of TLS handshakes, information availability, etc., some parameters are not available for every proxy type or TLS version. The following table shows unsupported Decryption log parameters by proxy type and TLS version.
    Proxy TypeUnsupported ParameterTLS Version
    Forward Proxy
    Negotiated EC Curve
    TLSv1.3
    Inbound Inspection
    Server Name Identification
    Root Common Name
    All
    Negotiated EC Curve
    TLSv1.3
    No Decrypt (No Decrypt action in the Decryption policy rule)
    Negotiated EC Curve
    Server Name Identification
    TLSv1.2
    Negotiated EC Curve
    Server Name Identification
    Certificate Information (all certificate information fields, for example, Certificate Start Date, Certificate End Date, Certificate Key Type, etc.)
    TLSv1.3
    Network Packet Broker
    Negotiated EC Curve
    TLSv1.3
    GlobalProtect Portal
    Server Name Identification
    Root Common Name
    Decryption policy name
    App-ID
    All
    GlobalProtect Gateway
    Server Name Identification
    Decryption policy name
    App-ID
    All
    Clientless SSLVPN
    Server Name Identification
    All
    SSH
    Decryption Log Not Supported
    Cleartext
    Decryption Log Not Supported

    © 2024 Palo Alto Networks, Inc. All rights reserved.