
A Palo Alto firewall (PA-2050, POS 4.1x) was capable of recognizing the websites which users are visiting (through HTTP/HTTPS), then flagging them with an App-ID and applying application control on the traffic, for instance blocking all webmail/file sharing/social media, etc.

But the PA-2050 can only recognize traffic to websites over HTTPS as "SSL" after we set up a Squid proxy 3.4 with SSL bump before the firewall. This cripples the application control mechanism of the PA firewall.

Does anyone know how to configure Squid 3.4 (or the PA-2050) so as to recover the application control capability on HTTPS traffic through the Squid proxy?

1 Answer

The Palo Alto firewall can be set to use a Decryption policy to inspect the traffic after it passes through the Squid proxy. This will then allow the Palo Alto to see the decrypted traffic and once again assign meaningful App-IDs. See How to Implement SSL Decryption.

Theo