The root cause of our problem was the fact that the consolidation of our ASAs into a single physical platform resulted in there being "trusted internal" addresses appearing on our "untrusted external" ports on Palo Alto. Previous versions of the VMware View Agent were not encrypting all packets, so Palo Alto could recognize the PCoIP application, which made correlations easy. However, the new VMware View Agent v5.2 has more encrypted content, so the amount of searchable information that Palo Alto can access is limited. We ended up creating a new Palo Alto policy to specifically allow SSL traffic from our two VMware View Security Servers.
↧