To enable Credential Phishing Prevention on a Palo Alto Networks firewall, three key settings must be configured:
Define an SSL Decryption Rulebase: SSL decryption is necessary to inspect encrypted traffic for credential submission attempts. Without decryption, the firewall cannot see the contents of SSL/TLS encrypted traffic.
Enable User-ID: User-ID is needed to associate traffic with specific users, which is crucial for applying user-specific security policies, including credential phishing prevention.
Define URL Filtering Profile: A URL filtering profile is used to identify and block access to phishing websites. This profile can be configured to enforce strict controls over websites that users are allowed to access, thus preventing credential submission to malicious sites.
These configurations ensure that the firewall can effectively monitor and prevent phishing attempts by inspecting traffic, associating it with users, and controlling access to potentially harmful websites.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit