Inspect SSL/TLS Handshakes (Strata Cloud Manager)
Advanced URL Filtering


If you’re using Panorama to manage Prisma Access, toggle over to the PAN-OS & Panorama tab and follow the guidance there.
If you’re using Strata Cloud Manager, continue here.
Inspecting SSL/TLS handshakes requires that you decrypt SSL/TLS traffic through either SSL Forward Proxy or SSL Inbound Inspection.
  1. Confirm that your Prisma Access license includes an Advanced URL Filtering subscription.
    1. Select Manage > Service Setup > Overview and click the hyperlinked Quantity value. Information including Security Services appears.
    2. Under Security Services, confirm that a checkmark is next to URL Filtering.
  2. Verify that you decrypt SSL/TLS traffic through either SSL Forward Proxy or SSL Inbound Inspection.
  3. Enable inspection of SSL/TLS handshakes by CTD. By default, this option is disabled.
    1. Select Manage > Configuration > Security Services > Decryption.
    2. By Decryption Settings, select the settings icon. Then, select Inspect TLS Handshake Messages.
      Alternatively, you can use the set deviceconfig setting ssl-decrypt scan-handshake <yes|no> CLI command.
    3. Save your changes. Under Decryption Settings, the Inspect TLS handshake message setting should say Enabled.
  4. Push Config to save and commit your changes.