Monday, May 31, 2021

Installing PaloAlto Certificate on Mobile phones or Computers - Traffic decryption

As you all know, controlling smartphones on a network can be a challenge.

Especially these days, when many mobile applications work over the secured version of HTTP (HTTPS).

One solution that might be useful for many of us is URL filtering.

To do that, the firewall needs to perform SSL scanning (decryption) on HTTPS traffic, because, as you know, HTTPS is encrypted.

You can do the decryption on the firewall, which of course will have some impact on your firewall resources, but if you don't have a lot of users to apply the decryption policy to, that should be fine.


In this post, I'm going to apply a decryption policy using a Palo Alto firewall, which I think is a great firewall.

You can review the creation of the policy in an older post on my blog at this link:

https://pbitccie.blogspot.com/2020/08/ssl-decryption-policy-on-paloalto.html


However, exporting the certificate and installing it on your devices is covered here:

1. To export the certificate, go to Device > Certificate Management > Certificates.

2. Select the certificate that was generated by the lab firewall; in my case it shows with the firewall's inside IP address, 10.211.250.253.

3. Choose the Export option at the end of the page.

4. In the window that opens, you will get a drop-down list and need to select the file format (.PEM or .DER). One of them is applicable to Windows and iPhone, and the second is for Android-based smartphones.

5. Press OK and the certificate will be downloaded to your local disk.

Now you need to import it on your target device (PC, iPhone, Android phone).

NOTE: On a PC you will need to install it as a trusted certificate.

On iPhone you can email it to yourself, download it to your iPhone, then install it from Settings > General > Profiles.

On Android devices it can be installed from the advanced Wi-Fi settings (look it up on Google).
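Because the exported file becomes a trusted root on every device and is often moved around by email, it is worth confirming that the copy is intact and that the .PEM and .DER copies are the same certificate before installing it. The Python sketch below is an added example, not part of the original post: it accepts either format, checks the outer DER length to catch a truncated copy, and prints a SHA-256 fingerprint to compare between copies. `SAMPLE_DER` and the function names are constructed for illustration.

```python
import base64
import hashlib
import re
import ssl

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

# Constructed stand-in for an exported file: a DER SEQUENCE header followed by
# 300 filler bytes. It is NOT a real certificate, only the right outer shape.
SAMPLE_DER = b"\x30\x82\x01\x2c" + bytes(range(256)) + bytes(44)


def to_der(blob: bytes) -> bytes:
    """Accept a PEM or DER export and return validated DER bytes."""
    match = PEM_RE.search(blob)
    if match:
        # PEM is base64 of the DER bytes; tolerate CRLF and text around the block.
        der = base64.b64decode(b"".join(match.group(1).split()), validate=True)
    else:
        der = blob
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a PEM or DER certificate")
    # Outer ASN.1 length must cover the whole file, else the copy was truncated.
    if der[1] < 0x80:
        header, length = 2, der[1]
    else:
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            raise ValueError("bad DER length field")
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + length != len(der):
        raise ValueError("certificate is truncated or has trailing data")
    return der


def to_pem(blob: bytes) -> str:
    """Re-encode either format as PEM."""
    return ssl.DER_cert_to_PEM_cert(to_der(blob))


def fingerprint(blob: bytes) -> str:
    """SHA-256 over the DER bytes, colon-separated; same for PEM and DER copies."""
    digest = hashlib.sha256(to_der(blob)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


if __name__ == "__main__":
    pem_copy = to_pem(SAMPLE_DER).encode()
    print(fingerprint(SAMPLE_DER))
    print(fingerprint(pem_copy) == fingerprint(SAMPLE_DER))
```

With a real export, read the file with `open(path, "rb").read()` and pass the bytes to `fingerprint()`; the value should be identical for the copy on the admin PC and the copy that reached the device.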


Once this is all done, you can check whether the users' traffic is getting decrypted by the firewall:

Go to Monitor > Decryption

Or go to the URL filter option and check for the filtered traffic there.

NOTE: Make sure the user does not have direct access to the internet, that their IP is included in the decryption policy, and that the access policy applies the URL filter options you need (Allowed or Denied).


I hope this was helpful to you!


Thanks

Samer R. Saleem



