The Decryption Log (introduced
in PAN-OS 10.0) provides comprehensive information about individual
sessions that match a Decryption policy, sessions that match a No
Decryption policy for traffic you don’t decrypt, and GlobalProtect
sessions when you enable Decryption logging in the GlobalProtect Portal
or GlobalProtect Gateways configuration. Select which columns to
display to view information such as application, SNI, Decryption
Policy Name, error index, TLS version, key exchange version, encryption
algorithm, certificate key types, and many other characteristics.
Filter the information in columns to identify traffic that uses
particular TLS versions and algorithms, particular errors, or any
other characteristics you want to investigate. By default, Decryption
policies log only unsuccessful TLS handshakes. If you have the available
log storage, configure Decryption policies to log successful TLS
handshakes as well to gain visibility into those decrypted sessions.