Is SSL Decrypt supported for servers, applications, internal private apps?
Good afternoon, as always thank you for your cooperation.
Is it possible to inspect the SSL/TLS traffic of internal web applications?
I mean, for example:
We have Palo Alto Networks firewall with a couple of LANs, Trust 1 and Trust 2 Wireless Corp. Additionally a DMZ Zone, where the servers, which have private, proprietary web applications, internal web systems, etc., live.
When a user from the LAN networks goes to the DMZ servers, to consult for some resource, the traffic passes and flows through the Palo Alto firewall.
Based on the above, is it feasible to apply ssl decrypt, and perform a deep inspection of the ssl/tls traffic from the LAN flow to the DMZ? Is this feasible and supported in Palo Alto Networks? If supported, what are the considerations to take into account when implementing this?
Thank you, I remain attentive
Best regards
It is supported for sure! If you're hosting your own server, you can use "ssl inbound inspection". You will need to load the server certificate onto the firewall, but the advantage is that you can inspect inline (versus the proxy option for outbound inspection).