Focus

Decryption Features

Table of Contents

Filter

Expand All | Collapse All

Next-Generation Firewall Docs

Getting Started
Administration
Version
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
Networking
Version
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
AIOps
Incidents & Alerts
Release Notes
Version
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)

Mobile Infrastructure Security Features

App-ID Features

Decryption Features

What new decryption features are included in PAN-OS 11.2?

TLSv1.3 Support for HSM Integration with SSL Inbound Inspection

May 2024

Introduced in PAN-OS 11.2.0

PAN-OS now supports the decryption of TLSv1.3 sessions in SSL Inbound Inspection mode when the private keys of internal servers are stored on Hardware Security Modules (HSMs). The superior performance and security of TLSv1.3 combined with the protection of HSMs hardens inbound decryption. This feature is only compatible with the Thales Luna Network and Entrust nShield Connect HSMs. To activate this support, use the

set ssl inbound-inspection tls1.3-with-hsm enable yes

CLI command. This feature is disabled by default. You must set up connectivity between a supported HSM and Palo Alto Networks appliances and
apply a Decryption profile that specifies TLSv1.3 as the minimum or maximum supported TLS version to an SSL Inbound Inspection rule first.

Mobile Infrastructure Security Features

App-ID Features

Next-Generation Firewall Docs

Decryption Features

Next-Generation Firewall Docs

Decryption Features

TLSv1.3 Support for HSM Integration with SSL Inbound Inspection

Recommended For You

Activation & Onboarding

Next-Generation Firewalls

Cloud-Delivered Security Services

Network Security

Visibility & Monitoring

Best Practices

Experts Corner