
Ensure forwarding of decrypted content to WildFire is enabled

Details

Allow the firewall to forward decrypted content to WildFire. Note that SSL Forward-Proxy must also be enabled and configured for this setting to take effect on inside-to-outside traffic flows.

Rationale:

As encrypted Internet traffic continues to proliferate, WildFire becomes less effective unless it is allowed to act on decrypted content. For example, if a user downloads a malicious PDF over SSL, WildFire can only provide analysis if 1) the session is decrypted by the firewall and 2) forwarding of decrypted content is enabled. In today's Internet, roughly 70-80% of all user traffic is encrypted. If WildFire is not configured to analyze decrypted content, its effectiveness is drastically reduced.

Solution

Navigate to Device > Setup > Content-ID > Content-ID Settings and check Allow forwarding of decrypted content.

or

Execute the following CLI commands, from configuration mode, to set the ssl-decrypt setting (the login/hostname prompt is omitted):

    configure
    set setting ssl-decrypt allow-forward-decrypted-content yes
    commit

Default Value:
Not Configured
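As an added audit example (not part of the CIS benchmark or of any Palo Alto tooling), the following Python checks an exported PAN-OS configuration for this setting and for the SSL Forward Proxy decryption rules it depends on. The XML element paths and the sample configuration are assumptions constructed for the example; an absent element is treated as the "Not Configured" default.

```python
import xml.etree.ElementTree as ET

# Constructed sample of an exported PAN-OS configuration (assumed layout;
# only the elements relevant to this check are included).
SAMPLE_CONFIG = """<config>
  <devices>
    <entry name="localhost.localdomain">
      <deviceconfig>
        <setting>
          <ssl-decrypt>
            <allow-forward-decrypted-content>yes</allow-forward-decrypted-content>
          </ssl-decrypt>
        </setting>
      </deviceconfig>
      <vsys>
        <entry name="vsys1">
          <rulebase>
            <decryption>
              <rules>
                <entry name="decrypt-outbound">
                  <type><ssl-forward-proxy/></type>
                  <action>decrypt</action>
                </entry>
              </rules>
            </decryption>
          </rulebase>
        </entry>
      </vsys>
    </entry>
  </devices>
</config>"""

# Assumed element paths within the exported config.
FORWARD_PATH = "./devices/entry/deviceconfig/setting/ssl-decrypt/allow-forward-decrypted-content"
DECRYPT_RULES_PATH = "./devices/entry/vsys/entry/rulebase/decryption/rules/entry"


def check_wildfire_forwarding(config_xml: str) -> dict:
    """Return the compliance state of the WildFire forwarding setting."""
    root = ET.fromstring(config_xml)
    node = root.find(FORWARD_PATH)
    # Missing element == "Not Configured" default, i.e. forwarding disabled.
    forwarding = node is not None and (node.text or "").strip().lower() == "yes"
    # The setting only takes effect on inside-to-outside flows when SSL Forward
    # Proxy decryption rules exist, so report them alongside the setting.
    proxy_rules = [r.get("name") for r in root.findall(DECRYPT_RULES_PATH)
                   if r.find("type/ssl-forward-proxy") is not None
                   and (r.findtext("action") or "").strip() == "decrypt"]
    return {"compliant": forwarding, "forward_proxy_rules": proxy_rules,
            "effective": forwarding and bool(proxy_rules)}
```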

Supportive Information


This security hardening control applies to the following category of controls within NIST 800-53: System and Information Integrity. This control applies to the following type of system: Palo_Alto.


Updated on July 16, 2022