Focus
    1. Home
    2. Best Practices
    3. Decryption Best Practices
    Download PDF

    Decryption Best Practices

    Table of Contents
    Filter icon
    Filter
    10.2
    Expand all | Collapse all

    You can't defend against threats you can’t see. By enabling decryption on your next-gen firewalls you can inspect and control SSL/TLS and SSH traffic so that you can detect and prevent threats that would otherwise remain hidden in encrypted traffic. Use the best practice guidelines in this site to learn how to plan for and deploy decryption in your organization.  

    What Do You Want To Do?

    Plan Your SSL Decryption Best Practice Deployment

    Deploy SSL Decryption Using Best Practices

    Follow Post-Deployment SSL Decryption Best Practices

    Troubleshoot Decryption Issues

    Featured Topics

    Book Image

    SSL Decryption Exposes Encrypted Malware

    Expose Malware Now

    Troubleshoot

    Best Practice Decryption Profile: Data Center

    Decryption Profiles define the cipher suite settings the firewall accepts so you can protect against vulnerable, weak protocols and algorithms.

    Data Center Profile

    Recommended Topics

    Prepare to Decrypt

    Size your Deployment

    Best Practice Decryption: Internet Gateway

    You can't protect against threats you can't see. Decrypt as much traffic as local regulations and business requirements allow so you can inspect the traffic and block threats.

    Internet Gateway Profile

    Videos

    Driving to Best Practices by Overcoming SSL Decryption Complexities

    Why do I need SSL Decryption?

    Stop Operating in Darkness – Let Decryption Light the Way

    © 2025 Palo Alto Networks, Inc. All rights reserved.