How To Configure SSL Forward Proxy Decryption On The Palo Alto Firewall | PART 8
ฝัง
- เผยแพร่เมื่อ 12 พ.ค. 2023
- Full Palo Alto 0-60 Playlist:
👉🏻 • 🔥 Firewall Frenzy: Unl...
Watch the previous video in the playlist: • Configuring Your Initi...
Watch the next video in the playlist: • Can Palo Alto Firewall...
I'm Keith Barker, a 2x CCIE (Cisco Certified Internetwork Expert).
I'm am your guy if you are:
👉 New to IT and don't know where to start
👉Currently in IT, and want to learn more advanced ideas
👉 Anyone who wants to learn about the basics of technology in general
I believe that anyone can improve their situation by gaining new skills, especially in information technology.
New videos weekly!
🆓 Free Packet Tracer Labs download: thekeithbarker.com
Enjoy, Like, and Subscribe. 😃
Free TH-cam Playlists from Keith:
▶ Cisco CCNA 200-301 ogit.online/sloth
🔐 Cisco CCNA 200-301 Security ogit.online/200-301_Security
💻 Cisco CCNA 200-301 IPv4 Subnetting ogit.online/subnet
💬 Join our Discord server (free) ogit.online/Join_OGIT_on_Discord
🏪 Keith Barker Amazon Affiliate Store www.amazon.com/shop/keithbarker
🏫 Keith’s Content at CBT Nuggets ogit.online/Keith-CBT
![Palo Alto SSL Forward Proxy (Outbound SSL Decryption) [2024]](http://i.ytimg.com/vi/UuKcjfQicNw/mqdefault.jpg)
The WAN & only ladies & gentlemen, the OG of IT! Thank you Keith for being so awesome.
Thank you @fabrice9848!
I'm new to Palo and this series was more than I could hope for. Excellent!
Happy to do it, thanks for the feedback @ulimi2002.
I've learned more from your videos on this topic than anything that I've used in the past. You will always be my go to for advancing in my career. Thank you!
No way! Perfect timing, I got SSL decryption deployment for a customer! Thnx!!
Wish I had this 3 years ago. Maybe its from having seen it and figuring it out why and how this was done then stepping into a new company, but this explains it so easily. Love your quick and to the point explanations!
Thank you @joshstickney8695!
I laughed at the comment about the 400 series being 'slow' to commit at about 2-3 minutes. PA-200 & PA-220 entered the chat/
God forbid you have to reboot a 220 for a software upgrade….
Great playlist. Thank you!
Great video! I need to get me a PA440. I've been managing PA820s for the last 4yrs at work for our sites, but I recently got a new job and no Palo Alto lol.
HI Keith, Thanks for this.I have got decryption up and running on a pilot basis on our network and the first thing we noticed was that it broke, TH-cam,. The videos would freeze or not load the thumbnail etc. Could you doa video on troubleshooting t decryption errors please? Thanks.
Thank you Thank You Keith
Happy to do it, thanks for the feedback @01NetworkSolutions.
Thanks so much for these videos. i needed
Happy to do it, thanks for the feedback @RayAlejandroGaviriaAlegria.
Thanks Keith,
Happy to do it, thanks for the feedback Rashid Siddiqui | CISSP, CCSP and Related Stories.
you are the best og of it!!!!!
Hey Keith, I’m currently deploying mine but I dint have a CA server. How can I make the FW self sing it certs without the Server?
Hi @Keith Barker, Great explanation...
One question that arise in my Mind to implement is that "Can we use Wildcard Certs / Purchased public Certs for SSL Forward Proxy so that it will not require to install Certificate on each Client Machine.
Regards
Nadeem
Thank you for the question Muhammad Nadeem.
The clients need to trust the issuing CA for the cert the FW is using with SSL proxy. That could be an internal CA, where the machines have been configured to trust, or a public CA, that the computers already trust.
@@KeithBarker I've tried it on my android phone, the issue here is that some apps only take their own certificate databas to try to see if it's a valid certificate. So just importing it to the android certificate store wouldn't work for a lot of apps. Buying a public signed just for that seem's a bit an overkill though
Hey @Keith Barker, Thanks so much for these videos. I just installed one PA-440 and am at the Part 8 of this. I have never set up Certificate services on my 2019 AD server. Do you have a how to video on that so I can complete part 8 of the PA-440 configuration?
Thank you for the question @fourtsr. I don't have one I made, but here are several:
th-cam.com/users/results?search_query=install+certificate+services+on+domain+controller
Happy studies.
@@KeithBarker Thanks Keith. You commented in the beginning of part 8 you had a more in depth video over on CBT nuggets, can you provide the URL for this. I can't seem to find it.
Hey @Keith Barker, WOW! This series of videos is a God Send to me. Thank you so much for making the complex simple. That really is a gift and you have it in spades. Subscribed to you and also to CBT Nuggets, what a find. Thanks again!
thanks a lot
Happy to do it, thanks for the feedback @omertaskn5413.
Hi Keith,
Great job on the configuration you shown! Just wondering , why when I put the x forwarder for security policy, the connection is reset. I was wonder why this issue happen when using user-id is is okay
Thanks Kaith great video and explanation :). a Quick Question, have you integrate Palo alto with AWS Certificate manager (ACM). I tried but there are some limitarions , dont know if there is a workaround or something that i missed.