The document explains Palo Alto's SSL decryption policy, outlining its purpose, benefits such as malware detection and data loss prevention, and types including SSL forward proxy and inbound inspection. It highlights the importance of SSL inspection for application performance monitoring and cloud services monitoring. Additionally, it notes certain applications may be incompatible with the SSL forward proxy.

1. Palo Alto SSL Decryption Policy Concept
1. What is SSL Decryption policy ?
2. Why you should use SSL inspection ?
3. Palo Alto decryption Policy types
4. Unsupported applications
5. Decryption Port Mirroring

2. • https / SSL inspection
• Deep Packet Inspection (DPI)
What is SSL Decryption policy ?

3. • https/SSL inspection
• Deep Packet Inspection (DPI)
• Man-in-the-middle
What is SSL Decryption policy ?

4. Why you should use SSL inspection ?
SSL decryption can be applied to:
• Malware detection – It prevents malware from exploiting a host using SSL transactions
• Data loss prevention (DLP) – It prevents confidential data and files from being encrypted and leaked via
malware or a malicious insider using SSL connections
• Application performance monitoring (APM) – It enables proper monitoring of data and allows business
applications to use SSL for authentication
• Cloud services monitoring – It helps to differentiate and monitor secure services running in the cloud,
including web applications

5. Palo Alto decryption Policy types
1. SSL Forward Proxy
2. SSL Inbound Inspection
3. SSH Proxy
4. Decryption Exceptions

6. SSL Forward Proxy
• Man-in-the-middle attack (MitM)

7. SSL Inbound Inspection

8. SSH Proxy

9. Some applications might not work with SSL forward proxy:
• Applications that use client-side certificate
• Non RFC-compliant applications
• servers using unsupported cryptographic settings
Unsupported applications

10. Decryption Mirroring