Identify & Control Encrypted Traffic
Take control over the use of encryption over the network and ensure that it is not being used to conceal unwanted activity or dangerous content. Using policy-based decryption and inspection, administrators can ensure that SSL and SSH are being used for business purposes as opposed to propagation of threats or unauthorized data transfer. The next-generation firewall can ensure that SSL/SSH sessions are inspected in a safe and secure manner.
Identify, control and inspect inbound SSL traffic. Policy-based identification, decryption, and inspection of inbound SSL traffic (from outside clients to internal servers) can be applied as a means of ensuring that applications and threats are not hiding within SSL traffic. The server certificate and private key are installed on the Palo Alto Networks next-generation firewall to perform the decryption. By default, SSL decryption is disabled.

Identify, control and inspect outbound SSL traffic. Policy-based identification, decryption and inspection of outbound SSL traffic (from users to the web) can be applied as a means of ensuring that applications and threats are not hiding within SSL traffic. A man-in-the-middle approach is used where device certificates are installed in the user's browser. By default, SSL decryption is disabled.

Identify and control SSH traffic. Administrators can perform policy-based identification and control of SSH tunneled traffic. A man-in-the-middle approach is used to detect port forwarding or X11 forwarding within SSH, which is reported as an SSH-tunnel, while regular shell, SCP and SFTP access to the remote machine is reported as SSH. By default, SSH control is disabled.