Firewall do Zero #4 SSL Decryption no Palo Alto com AD CS CA do Windows na Prática

In this #4 lesson of the "Firewall from Scratch" series, we configure SSL Decryption on Palo Alto using the Windows AD (Active Directory Certificate Services) CA to sign certificates presented to domain clients. What you will see, from start to finish: How certificates work in Palo Alto: Forward Trust vs. Forward Untrust (when each is used). Importing the Root CA from AD and generating a Sub-CA certificate in the firewall for Forward Trust. Creating a second certificate for Forward Untrust. Decryption Policy (Outbound) and SSL Decryption Profile with best practices: blocking untrusted issuers, self-signed/auto-sign certificates, expired certificates, etc. Test on a Windows machine already on the domain: we access websites with and without decryption and compare the certificate in the browser. Demonstration on badssl.com showing the firewall acting and blocking according to the profile. Topics to navigate: 00:00 Intro 00:55 Lab Changes 01:40 Windows Certificate 02:45 Explaining Decryption 04:00 Showing Paloalto 05:00 Importing a certificate from AD 07:30 Generating a CSR certificate in Paloalto 08:59 Signing a CSR certificate in AD 10:44 Importing a signed CSR certificate 11:27 Setting the certificate as Decryption 11:47 Creating a BAD certificate 13:10 Decryption Profile 14:00 Decryption Policy 15:10 Checking a Windows connection without decryption 17:30 Commit 18:30 Checking a Windows connection with decryption 20:00 Testing an insecure website 21:00 What we will do in the next classes 21:30 Leave a like, guys! If this video helped you in any way, consider leaving a like! Thank youuu