{"id":11182,"date":"2020-10-01T18:50:22","date_gmt":"2020-10-01T17:50:22","guid":{"rendered":"https:\/\/myworldofit.net\/?p=11182"},"modified":"2020-10-01T23:42:00","modified_gmt":"2020-10-01T22:42:00","slug":"palo-alto-ngfw-decryption-and-images-in-slack-not-displaying-or-uploading","status":"publish","type":"post","link":"https:\/\/myworldofit.net\/?p=11182","title":{"rendered":"Palo Alto NGFW, decryption and images in Slack not displaying or uploading"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">You may find that when doing decryption on a Palo Alto Networks Next Generation Firewall that images in Slack channels are not displayed or are only shown in a very low resolution &#8211; in addition images cannot be uploaded. When inspecting the HTTP error messages in your browser a 503 response may also be seen. <br>To top off the issue you may also see that User-ID isn&#8217;t mapping traffic from the Slack desktop application against the traffic which negates any User-ID based decryption exception you might have.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">While helpful the Slack connection test tool at <a href=\"https:\/\/my.slack.com\/help\/test\">https:\/\/my.slack.com\/help\/test<\/a> also doesn&#8217;t appear to throw any errors.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"alignright size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/myworldofit.net\/wp-content\/uploads\/2020\/10\/image.png\" alt=\"\" class=\"wp-image-11176\" width=\"316\" height=\"163\" srcset=\"https:\/\/myworldofit.net\/wp-content\/uploads\/2020\/10\/image.png 316w, https:\/\/myworldofit.net\/wp-content\/uploads\/2020\/10\/image-300x155.png 300w\" sizes=\"auto, (max-width: 316px) 100vw, 316px\" \/><\/figure><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">To fix this issue you need a decryption exception custom URL rule for the <strong>files.slack.com<\/strong> domain (which fixes viewing images) along with the <strong>base domain for your Slack t<strong>enanc<\/strong>y<\/strong> (fixes uploads). This domain can be found by clicking the drop down in the top left corner of the Slack client.<br>If you have multiple Slack tenancies then you will need an exception for each one.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">As always when making exceptions for your decryption policy please consider how it might degrade your ability to detect malicious usage of the network &#8211; in this case the sharing of files with unknown payloads.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">For more information about Slack network usage visit: <a href=\"https:\/\/slack.com\/intl\/en-gb\/help\/articles\/360001603387-Manage-Slack-connection-issues\">https:\/\/slack.com\/intl\/en-gb\/help\/articles\/360001603387-Manage-Slack-connection-issues<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>You may find that when doing decryption on a Palo Alto Networks Next Generation Firewall that images in Slack channels are not displayed or are only shown in a very low resolution &#8211; in addition images cannot be uploaded. When inspecting the HTTP error messages in your browser a 503 response may also be seen. To top off the issue&#8230; <a class=\"read-more\" href=\"https:\/\/myworldofit.net\/?p=11182\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"footnotes":""},"categories":[20],"tags":[526,497,268,495,496,525],"series":[],"class_list":["post-11182","post","type-post","status-publish","format-standard","hentry","category-software","tag-decryption","tag-ngfw","tag-palo-alto","tag-palo-alto-networks","tag-pan","tag-slack"],"_links":{"self":[{"href":"https:\/\/myworldofit.net\/index.php?rest_route=\/wp\/v2\/posts\/11182","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/myworldofit.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/myworldofit.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/myworldofit.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/myworldofit.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=11182"}],"version-history":[{"count":3,"href":"https:\/\/myworldofit.net\/index.php?rest_route=\/wp\/v2\/posts\/11182\/revisions"}],"predecessor-version":[{"id":11186,"href":"https:\/\/myworldofit.net\/index.php?rest_route=\/wp\/v2\/posts\/11182\/revisions\/11186"}],"wp:attachment":[{"href":"https:\/\/myworldofit.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=11182"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/myworldofit.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=11182"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/myworldofit.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=11182"},{"taxonomy":"series","embeddable":true,"href":"https:\/\/myworldofit.net\/index.php?rest_route=%2Fwp%2Fv2%2Fseries&post=11182"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}