Perform the following steps to enable the
firewall to act as a decryption broker that distributes traffic
to a Transparent Bridge Security Chain for additional analysis and
enforcement. Enabling the firewall as a decryption broker includes:
Set up a Transparent Bridge security chain that adheres to
the Transparent Bridge Security Chain Guidelines.
Activate the free decryption broker license (
Decryption Licenses).
This includes going to the Palo Alto Networks
Customer Support Portal to activate the
license, and then installing the license on the firewall.
Enable a pair of Layer 3 firewall interfaces as decryption
forwarding interfaces. Each pair of decryption forwarding interfaces
supports one transparent bridge security chain; you’ll need to create
multiple decryption forwarding interface pairs to support multiple
Transparent Bridge security chains.
Configure a Decryption Forwarding profile to enable the firewall
to forward decrypted sessions to a Transparent Bridge security chain
and to monitor security chain performance.
Even
if you plan to enable decryption broker with multiple Transparent
Bridge security chains, you must perform the following steps first.