Palo Alto Networks recommends starting SSL decryption with High Risk categories (Option B) because they’re more likely to contain threats (e.g., malware, phishing) that require visibility for inspection, balancing security and resource use.
Options A, C, and D (Online Storage, Health, Financial) are less risky or privacy-sensitive, making them lower priorities. Best practice guides prioritize High Risk for initial decryption.
[Reference: PAN-OS 11.2 Best Practice Guide, "Decryption" section - SSL Decryption Deployment Strategy., , , , , , , , , , ]
Submit