Activate Free Licenses for Decryption Features
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
-
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
-
-
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)
Activate Free Licenses for Decryption Features
Activate the free license required to get started with
Decryption Port Mirroring.
Decrypting SSH traffic and SSL traffic (SSL internet traffic or SSL traffic to an internal server) does
not require a license. However, you must activate a free license
in order to enable Decryption
Mirroring. The free license requirement ensures that this
feature can only be used after the approved personnel purposefully
activates the associated license.
In PAN-OS 10.1, the
Decryption Broker feature and free license were replaced with Network
Packet Broker (see the Networking Administrator’s Guide),
which expands the broker’s capabilities to non-decrypted TLS traffic
and non-TLS traffic in addition to decrypted TLS traffic. Network Packet Broker licenses are
also free to download and install from the Customer Support Portal.
Follow
these steps on the Palo Alto Networks Customer Support Portal to
activate a decryption mirroring feature license.
- Log in to the Customer Support Portal.Select AssetsDevices on the left-hand navigation pane.Find the device on which you want to enable decryption port mirroring and select Actions (the pencil icon).Under Activate Licenses, select Activate Feature License.Select the feature for which you want to activate a free license: Decryption Port Mirror.Agree and Submit.Install the decryption mirroring license on the firewall.
- Select DeviceLicenses.Click Retrieve license keys from the license server.Verify that the Decryption Port Mirror license is now active on the firewall.Restart the firewall (DeviceSetupOperations). Decryption port mirroring is not available for configuration until the firewall reloads.