Use Traffic logs to verify that you decrypt traffic you
want to decrypt and don’t decrypt sensitive traffic that you don’t
want to decrypt.
After you configure a best practice decryption
profile and apply it to traffic, you can check both the
Decryption logs (introduced
in PAN-OS 10.0) and the Traffic logs to verify that the firewall
is decrypting the traffic that you intend to decrypt and that the firewall
is not decrypting the traffic that you don’t want to decrypt. This
topic shows you how to check decryption using Traffic logs. In addition,
follow post-deployment decryption
best practices to maintain the deployment.