Perform the following steps to enable the
firewall to act as a decryption broker that distributes traffic
to a Layer 3 Security Chain for additional analysis and enforcement.
Enabling the firewall as a decryption broker includes:
Set
up a Layer 3 security chain that adheres to the Layer 3 Security
Chain Guidelines.
Activate the free decryption broker license (
Decryption
Licenses). This includes going to the Palo Alto Networks
Customer Support Portal to activate the
license, and then installing the license on the firewall.
Enable at least two firewall interfaces as decryption forwarding
interfaces. A pair of decryption forwarding interfaces can support
up to 64 security chains.
Configure a Decryption Forwarding profile to enable the firewall
to forward decrypted sessions to one or multiple security chains, to
distribute those sessions amongst multiple security chains, and
to monitor security chain health.