: Decryption Options Tab
Focus
Focus

Decryption Options Tab

Table of Contents
End-of-Life (EoL)

Decryption Options Tab

Select the Options tab to determine if the matched traffic should be decrypted or not. If Decrypt is set, specify the decryption type. You can also add additional decryption features by configuring or selecting a Decryption profile.
Field
Description
Action
Select decrypt or no-decrypt for the traffic.
Type
Select the type of traffic to decrypt from the drop-down:
  • SSL Forward Proxy—Specifies that the policy will decrypt client traffic destined for an external server.
  • SSH Proxy—Specifies that the policy will decrypt SSH traffic. This option allows you to control SSH tunneling in policies by specifying the ssh-tunnel App-ID.
  • SSL Inbound Inspection—Specifies that the policy will decrypt inbound SSL traffic.
    • Certificate—Select the certificate for the internal server to which inbound SSL traffic is destined.
Decryption Profile
Attach a Decryption profile to the policy rule in order to block and control certain aspects of the traffic. For details on creating a Decryption profile, select Objects > Decryption Profile.
Log Settings
Log Successful SSL Handshake
(Optional) Creates detailed logs of successful SSL Decryption handshakes. Disabled by default.
Logs consume storage space. Before you log successful SSL handshakes, ensure you have the resources available to store the logs. Edit DeviceSetupManagementLogging and Reporting Settings to check the current log memory allocation to and re-allocate log memory among log types.
Log Unsuccessful SSL Handshake
Creates detailed logs of unsuccessful SSL Decryption handshakes so you can find the cause of decryption issues. Enabled by default.
Logs consume storage space. To allocate more (or less) log storage space to Decryption logs, edit the log memory allocation (DeviceSetupManagementLogging and Reporting Settings).
Log Forwarding
Specify the method and location to forward GlobalProtect SSL handshake (decryption) logs.