Inspect SSL/TLS Handshakes (PAN-OS & Panorama)

1. Select Device > Licenses to confirm that you have an active Advanced URL Filtering or legacy URL Filtering license.
2. Verify that you decrypt SSL/TLS traffic through either SSL Forward Proxy or SSL Inbound Inspection.
3. Enable inspection of SSL/TLS handshakes by CTD. By default, the option is disabled.
   1. Select Device SetupSessionDecryption Settings SSL Decryption Settings.
   2. Select Send handshake messages to CTD for inspection.
      Alternatively, you can use the set deviceconfig setting ssl-decrypt scan-handshake <yes|no> CLI command.
   3. Click OK.
4. Commit your configuration changes.