Wednesday, December 13, 2023

PAN-OS decryption tip

I was troubleshooting something with an org a while back where they needed to decrypt traffic for just one "URL", but FQDN-to-IP address matching matches numerous sites.

So let's use example.com. The following names:

www.example.com
www.example.net
www.example.org
www.example.edu

all map to the same single IP address, 93.184.216.34 (and the same IPv6 address):

kfelix@kfelixs-MacBook-Air ~ % host www.example.com
www.example.com has address 93.184.216.34
www.example.com has IPv6 address 2606:2800:220:1:248:1893:25c8:1946
kfelix@kfelixs-MacBook-Air ~ % host www.example.net
www.example.net has address 93.184.216.34
www.example.net has IPv6 address 2606:2800:220:1:248:1893:25c8:1946
kfelix@kfelixs-MacBook-Air ~ % host www.example.org
www.example.org has address 93.184.216.34
www.example.org has IPv6 address 2606:2800:220:1:248:1893:25c8:1946
kfelix@kfelixs-MacBook-Air ~ % host www.example.edu
www.example.edu has address 93.184.216.34
www.example.edu has IPv6 address 2606:2800:220:1:248:1893:25c8:1946
kfelix@kfelixs-MacBook-Air ~ %


So let's say you want to decrypt traffic to www.example.com and not the others.

Do not use an IP or FQDN address object as the destination in the decryption rule. An FQDN address object is resolved to its A and AAAA records and the rule is matched on the destination IP of the session. Since all four names resolve to the same 93.184.216.34 (and the same IPv6 address), a rule keyed on that object decrypts every one of those sites, not just www.example.com.

Instead, use a custom URL category containing www.example.com. A decryption rule that matches on a URL category is evaluated against the hostname the client actually requested (the TLS SNI), which is distinct per site even when the IP is shared. Here are a few screenshots of how that looks in the web UI.


First, the wrong method as originally deployed (an FQDN address object as the destination):

Then the rule was changed to use the custom URL category, with the destination address left as any:

With that change, traffic to www.example.net was no longer decrypted when a user browsed to that "URL", as seen in the traffic log:

But https://www.example.com was decrypted when a user browsed to that "URL":
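To make the difference between the two rule styles concrete, here is an added Python model of the match logic (example code, not from the original post and not Palo Alto Networks code). It assumes a simplified version of PAN-OS behaviour: an FQDN address object is resolved to its A/AAAA records and compared with the session's destination IP, while a custom URL category is compared with the hostname in the TLS ClientHello SNI. The DNS table is copied from the host output above; the sessions are constructed for the example, and the no-SNI fallback to the server certificate is an assumption that is deliberately not modelled.

```python
"""Model of the two decryption-rule match strategies discussed above.

Added example, not code from the original post or from Palo Alto Networks.
Simplified PAN-OS model: an FQDN address object is resolved to its A/AAAA
records and compared with the flow's destination IP; a custom URL category is
compared with the hostname the client sent in the TLS ClientHello (SNI).
"""
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Dict, Iterable, Optional

# Constructed DNS table copied from the `host` lookups: four names, one A and one AAAA.
SHARED_ADDRS = frozenset({"93.184.216.34", "2606:2800:220:1:248:1893:25c8:1946"})
DNS: Dict[str, frozenset] = {
    "www.example.com": SHARED_ADDRS,
    "www.example.net": SHARED_ADDRS,
    "www.example.org": SHARED_ADDRS,
    "www.example.edu": SHARED_ADDRS,
}


@dataclass(frozen=True)
class Flow:
    """One TLS session as the firewall sees it before any decryption."""
    dst_ip: str
    sni: Optional[str]  # server_name from the ClientHello; None if the client sent none


def fqdn_object_matches(fqdn: str, flow: Flow) -> bool:
    """Address object of type FQDN: match if the destination IP is any address
    the name resolves to (IPv4 or IPv6). The SNI plays no part, which is exactly
    why every site behind the shared IP gets decrypted."""
    resolved = {ip_address(a) for a in DNS.get(fqdn, ())}
    return ip_address(flow.dst_ip) in resolved


def url_category_matches(entries: Iterable[str], flow: Flow) -> bool:
    """Custom URL category: match on the requested hostname (SNI). An entry
    matches that host and its subdomains; the real PAN-OS wildcard and
    trailing-slash rules are richer than this and are not modelled.
    Assumption: a session with no SNI cannot match a hostname entry here
    (a real firewall would fall back to the server certificate)."""
    if flow.sni is None:
        return False
    host = flow.sni.lower().rstrip(".")
    for entry in entries:
        e = entry.lower().rstrip("/")
        if host == e or host.endswith("." + e):
            return True
    return False


def evaluate(flows: Iterable[Flow]) -> Dict[str, Dict[str, bool]]:
    """Run each flow through both rule styles; True means 'would be decrypted'."""
    result: Dict[str, Dict[str, bool]] = {}
    for f in flows:
        key = f"{f.sni or '(no SNI)'} -> {f.dst_ip}"
        result[key] = {
            "fqdn_object": fqdn_object_matches("www.example.com", f),
            "url_category": url_category_matches(["www.example.com"], f),
        }
    return result


# Constructed sessions: one per shared hostname over IPv4, plus an IPv6 and a no-SNI case.
FLOWS = [
    Flow("93.184.216.34", "www.example.com"),
    Flow("93.184.216.34", "www.example.net"),
    Flow("93.184.216.34", "www.example.org"),
    Flow("93.184.216.34", "www.example.edu"),
    Flow("2606:2800:220:1:248:1893:25c8:1946", "www.example.net"),
    Flow("93.184.216.34", None),
]

if __name__ == "__main__":
    for name, verdict in evaluate(FLOWS).items():
        print(f"{name:60} FQDN object: {verdict['fqdn_object']!s:5} "
              f"URL category: {verdict['url_category']}")
```

Running it shows the FQDN-object rule decrypting all six sessions, including the IPv6 one, while the URL-category rule decrypts only the session whose SNI is www.example.com. The no-SNI row is the caveat worth remembering: a client that omits SNI gives a hostname-based rule nothing to match on, so check the traffic log for such sessions before assuming the rule is complete.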









NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=
         o

        /  \