Hi. The second firewall will consider the first as a client (normal PC, just as a server doesn't know it's communicating with a firewall), and will show its certificate to the first firewall. I hope I could answer your question. :)
@@netsums Thank you ever so much for your response. I thought along the same lines. Problem is one firewall will only allow us to export it's root CA cert the other is a Palo. We have to work out the logic to position the firewalls in a way to achieve our goals. Thanks again.
In my opinion the Palo does a pretty good job identifying apps, like differenciating Google drive/docs uploads and downloads, for example. So I would tend to activate the ssl decryption only on the Palo and not on the other firewall, specially if you have the threat prevention license. But yes, it depends also on how the firewalls are setup in your environment.
That's also my experience. Nowadays most companies need it, but it can be a pain for the administrators. And not all users are very understanding, when something that worked before suddenly stops working. 😊
I'm not sure I understand your question. In some countries there are some connections that are not allowed to be decrypted. Each company has its own policies. The advantage of SSL decryption is that the firewall gains more visibility on the traffic.
![Palo Alto GlobalProtect VPN Configuration Step by Step [2024]](http://i.ytimg.com/vi/Dj-rjuX9I_E/mqdefault.jpg)
![Palo Alto GlobalProtect VPN Configuration Step by Step [2024]](/img/tr.png)
Thanks a lot for your clarifications
You're welcome, I'm glad you liked the video. :)
fantastic explanation. thanks for all the effort you put into these videos.
Hello, excellent explanation, my compliments.
I would like to see that scenario with an enterprise CA or PKI. Thanks for sharing your knowledge.
Hi. Thank you for the comment. :-) im glad you liked the video. I will keep your suggestion in mind for the next tutorials.
Hi Thanks for this. What would happen if there are two firewalls in series, both wanting to decrypt the traffic?
Hi. The second firewall will consider the first as a client (normal PC, just as a server doesn't know it's communicating with a firewall), and will show its certificate to the first firewall. I hope I could answer your question. :)
@@netsums Thank you ever so much for your response. I thought along the same lines. Problem is one firewall will only allow us to export it's root CA cert the other is a Palo. We have to work out the logic to position the firewalls in a way to achieve our goals. Thanks again.
In my opinion the Palo does a pretty good job identifying apps, like differenciating Google drive/docs uploads and downloads, for example. So I would tend to activate the ssl decryption only on the Palo and not on the other firewall, specially if you have the threat prevention license. But yes, it depends also on how the firewalls are setup in your environment.
Everyone fears this. It's always a nightmare to deploy.
That's also my experience. Nowadays most companies need it, but it can be a pain for the administrators. And not all users are very understanding, when something that worked before suddenly stops working. 😊
Hello
is this necessarily authorized to use ssl descryption in the network if yes what are the advantages and disadvantages.thx
I'm not sure I understand your question. In some countries there are some connections that are not allowed to be decrypted. Each company has its own policies. The advantage of SSL decryption is that the firewall gains more visibility on the traffic.
Awesome
Thank you, I'm glad you liked it. :-)
Hey can you make video on how to do segmentation on firewall
Hi. What do you mean exactly? Through zones? Or like using different virtual routers?