1. Home
    2. PAN-OS
    3. PAN-OS Administrator's Guide
    4. Decryption
    5. Configure Decryption Exceptions
    6. Exclude a Server from Decryption
    End-of-Life (EoL)

    Exclude a Server from Decryption

    You can exclude server traffic from SSL decryption based on the common name (CN) in the server certificate. For example, if you have SSL decryption enabled, you could configure a decryption exception for the server on your corporate network that hosts the web services for your HR systems.
    1. Import the targeted server certificate onto the firewall:
      1. On the
        Device
        Certificate Management
        Certificates
        Device Certificates
         tab, select
        Import
        .
      2. Enter a descriptive
        Certificate Name
        .
      3. Browse for and select the targeted server
        Certificate File
        .
      4. Click
        OK
        .
    2. Select the targeted server certificate on the
      Device Certificates
       tab and enable it to be an
      SSL Exclude Certificate
      .
      When the targeted server certificate is designated as an SSL Exclude Certificate, the firewall does not decrypt the server traffic even if the traffic matches decryption policy rule.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2020 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo