paloaltonetworks:configuration:decryption

Differences

This shows you the differences between two versions of the page.

paloaltonetworks:configuration:decryption [2021/05/05 14:15] – [Decryption Profile] bstafford
paloaltonetworks:configuration:decryption [2022/11/23 12:49] (current) – external edit 127.0.0.1
Line 74: Line 74:
 <code>watson.telemetry.microsoft.com <code>watson.telemetry.microsoft.com
 watson.microsoft.com</code> watson.microsoft.com</code>
 +
 +For Chromebooks to access the Internet (Aug 2021)
 +<code>accounts.google.com/
 +chrome.google.com/
 +connectivitycheck.android.com/
 +*.ggpht.com/</code>
 +
 For Cortex XDR Traffic: For Cortex XDR Traffic:
 <code>*.traps.paloaltonetworks.com <code>*.traps.paloaltonetworks.com
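Review bot: the four Chromebook entries added under "For Chromebooks to access the Internet (Aug 2021)" each end in a trailing slash (`accounts.google.com/`, `*.ggpht.com/`), while the neighbouring blocks (`watson.microsoft.com`, `*.traps.paloaltonetworks.com`) list bare hostnames. State which list these entries are meant for and use that list's format throughout, or drop the slashes to match the rest of the section. The heading also lacks the trailing colon used by "For Cortex XDR Traffic:". Because excluding `accounts.google.com` removes that host from decryption for whatever the rule matches, a sentence on the intended scope (Chromebook sources only, or all users) would help the next reader.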
Line 290: Line 297:
 To see what SSL/TLS protocls are in use on a server, use this command To see what SSL/TLS protocls are in use on a server, use this command
 <code>nmap --script ssl-enum-ciphers -p 443 1.1.1.1</code> <code>nmap --script ssl-enum-ciphers -p 443 1.1.1.1</code>
 +===== Download Certificate ===== 
 +<code>openssl s_client -showcerts -servername www.example.com -connect www.example.com:443</code>
 ===== Inbound Inspection Limitation ===== ===== Inbound Inspection Limitation =====
  
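Review bot: the new "Download Certificate" section consists of a bare command with no sentence saying what it is for, unlike the nmap line above it, which opens with "To see what SSL/TLS protocls are in use on a server, use this command". As written, the `openssl s_client -showcerts` command only prints the chain the server presents and then waits on stdin, so nothing is actually downloaded. Suggest adding a one-line description and showing how to end the session and save the output, for example by appending `</dev/null` and piping through `openssl x509 -outform PEM > server.pem`. It is also worth noting that `-showcerts` shows the chain as sent by the server, so the result should be checked before it is imported as a trusted certificate. A blank line before the `=====` heading would keep it visually separate from the nmap block.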
Line 381: Line 389:
 Microsoft list their root and intermediate certificates [[https://docs.microsoft.com/en-gb/microsoft-365/compliance/encryption-office-365-certificate-chains?|here]]. Microsoft list their root and intermediate certificates [[https://docs.microsoft.com/en-gb/microsoft-365/compliance/encryption-office-365-certificate-chains?|here]].
  
 +===== Sophos Decryption Exception =====
 +List of URLs that Sophos excludes from decryption
 +  * adobe.com
 +  * ecure.echosign.com
 +  * agni.lindenlab.com
 +  * atl.citrixonline.com
 +  * authentication.citrixonline.com
 +  * iad.citrixonline.com
 +  * citrixonlinecdn.com
 +  * las.citrixonline.com
 +  * live.citrixonline.com
 +  * ord.citrixonline.com
 +  * sjc.citrixonline.com
 +  * fra.citrixonline.com
 +  * ams.citrixonline.com
 +  * servers.citrixonline.com
 +  * play.google.com
 +  * tpncs.simplifymedia.net
 +  * tpnxmpp.simplifymedia.net
 +  * gotomeeting.com
 +  * icloud.com
 +  * apple.com
 +  * gsa.apple.com
 +  * gsas.apple.com
 +  * itunes.apple.com
 +  * ess.apple.com
 +  * gc.apple.com
 +  * appstore.com
 +  * courier.sandbox.push.apple.com
 +  * swscan.apple.com
 +  * itwin.com
 +  * livemeeting.com
 +  * logmein.com
 +  * secure.logmeinrescue.com
 +  * mozilla.org
 +  * packetix.net
 +  * pgiconnect.com
 +  * softether.com
 +  * telex.cc
 +  * vedivi.com
 +  * vudu.com
 +  * adobelogin.com
 +  * android.com
 +  * bitdefender.com
 +  * bitdefender.net
 +  * books.google.com
 +  * drive.google.com
 +  * cloudmosa.com
 +  * crsi.symantec.com
 +  * central.avsi.symantec.com
 +  * services-prod.symantec.com
 +  * shasta-mr-healthy.symantec.com
 +  * login.norton.com
 +  * nds.norton.com
 +  * stats.norton.com
 +  * zpi.nortonzone.com
 +  * central.nrsi.symantec.com
 +  * ent-shasta-mr-clean.symantec.com
 +  * ent-shasta-rrs.symantec.com
 +  * vip.symantec.com
 +  * tses.symantec.com
 +  * www.nortonzone.com
 +  * dochub.com
 +  * dropbox.com
 +  * dropcam.com
 +  * fedoraproject.org
 +  * informaticacloud.com
 +  * informaticaondemand.com
 +  * infra.lync.com
 +  * activation.sls.microsoft.com
 +  * messenger.live.com
 +  * lr.live.net
 +  * account.live.com
 +  * accounts.mesh.com
 +  * update.microsoft.com
 +  * storage.mesh.com
 +  * sls.microsoft.com
 +  * windowsupdate.microsoft.com
 +  * windowsupdate.com
 +  * phonefactor.com
 +  * logentries.com
 +  * mzstatic.com
 +  * onepagecrm.com
 +  * osdimg.com
 +  * pathviewcloud.com
 +  * periscope.tv
 +  * postlm.com
 +  * postls.com
 +  * two.postls.com
 +  * quip.com
 +  * rhn.redhat.com
 +  * rooms.hp.com
 +  * securewebportal.net
 +  * sharpcast.com
 +  * silentcircle.com
 +  * silentcircle.net
 +  * snapchat.com
 +  * table14.fr
 +  * urlcloud.paloaltonetworks.com
 +  * vagrantcloud.com
 +  * verisign.com
 +  * wdcdn.net
 +  * wiredrive.com
 +  * whatsapp.net
 +  * whispersystems.org
 +  * wildfire.paloaltonetworks.com
 +  * anywhere2.telus.com
 +  * api.twitter.com
 +  * auth.gfx.ms
 +  * auth2.triongames.com
 +  * autoupdate.opera.com
 +  * bitbucket.org
 +  * discordapp.com
 +  * login.kaseya.net
 +  * myquickcloud.com
 +  * notify.mql5.com
 +  * updates.metaquotes.net
 +  * novafusion.ea.com
 +  * owner-api.teslamotors.com
 +  * portal.aws.amazon.com
 +  * secure.hp-ww.com
 +  * softwareupdate.vmware.com
 +  * sp.cwfservice.net
 +  * sso.8x8.com
 +  * vm.8x8.com
 +  * www.origin.com
 +  * sophos.com
 +  * sophosxl.com
 +  * sophosxl.net
 +  * sophosupd.com
 +  * sophosupd.net
 +  * mojave.net
 +  * alert.hitmanpro.com
 +  * tf-edr-message-upload-eu-central-1-prod-bucket.s3.amazonaws.com
 +  * tf-edr-message-upload-eu-west-1-prod-bucket.s3.amazonaws.com
 +  * tf-edr-message-upload-us-east-2-prod-bucket.s3.amazonaws.com
 +  * tf-edr-message-upload-us-west-2-prod-bucket.s3.amazonaws.com
 +  * mp.microsoft.com
 +  * wdcp.microsoft.com
 +  * definitionupdates.microsoft.com
 +  * go.microsoft.com
 +  * smartscreen.microsoft.com
 +  * wns.windows.com
 +  * logmeinrescue-enterprise.com
 +  * duosecurity.com
 +  * agentsmith.akamai-access.com
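Review bot: the second entry in the new "Sophos Decryption Exception" list, `ecure.echosign.com`, looks like a truncated `secure.echosign.com` (compare `secure.logmeinrescue.com` and `secure.hp-ww.com` further down); please check it against the source list. The section gives no link or retrieval date for where the Sophos list came from, whereas the Microsoft line just above it links to its source, so a reader cannot tell how current the list is. Several entries are broad apex domains (`adobe.com`, `apple.com`, `dropbox.com`, `bitbucket.org`, `discordapp.com`), so a sentence stating whether this is kept as a reference to what another vendor excludes or as a recommended exclusion set for this firewall would prevent it being copied wholesale into a no-decrypt rule.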
paloaltonetworks/configuration/decryption.1620224127.txt.gz · Last modified: (external edit)