You're welcome, I'm glad you liked the video. :)

Thank you, I'm glad you liked it. :-)

Hi. Thank you for the comment. :-) im glad you liked the video. I will keep your suggestion in mind for the next tutorials.

Hi. The second firewall will consider the first as a client (normal PC, just as a server doesn't know it's communicating with a firewall), and will show its certificate to the first firewall. I hope I could answer your question. :)

@@netsums Thank you ever so much for your response. I thought along the same lines. Problem is one firewall will only allow us to export it's root CA cert the other is a Palo. We have to work out the logic to position the firewalls in a way to achieve our goals. Thanks again.

In my opinion the Palo does a pretty good job identifying apps, like differenciating Google drive/docs uploads and downloads, for example. So I would tend to activate the ssl decryption only on the Palo and not on the other firewall, specially if you have the threat prevention license. But yes, it depends also on how the firewalls are setup in your environment.

That's also my experience. Nowadays most companies need it, but it can be a pain for the administrators. And not all users are very understanding, when something that worked before suddenly stops working. 😊

Hi. What do you mean exactly? Through zones? Or like using different virtual routers?

I'm not sure I understand your question. In some countries there are some connections that are not allowed to be decrypted. Each company has its own policies. The advantage of SSL decryption is that the firewall gains more visibility on the traffic.