The Decryption Log (introduced in PAN-OS 10.0) provides comprehensive
information about individual sessions that match a Decryption policy
(use a No Decryption policy for traffic you don't decrypt) and about
GlobalProtect sessions when you enable Decryption logging in the
GlobalProtect Portal or GlobalProtect Gateways configuration. Select
which columns to display to view information such as application, SNI,
Decryption Policy Name, error index, TLS version, key exchange version,
encryption algorithm, certificate key types, and many other
characteristics. Filter the information in columns to identify traffic
that uses particular TLS versions and algorithms, particular errors, or
any other characteristics you want to investigate. By default,
Decryption policies log only unsuccessful TLS handshakes. Depending on
the available log storage, you can configure Decryption policies to log
successful TLS handshakes as well.
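
The same column-based triage can be run offline over exported log rows. The script below is an added example, not Palo Alto Networks code: the CSV column names (`sni`, `policy_name`, `tls_version`, `key_exchange`, `encryption_algorithm`, `error`), the sample rows, and the weak-version and weak-cipher lists are all assumptions made for illustration and do not reflect the actual PAN-OS export schema.

```python
import csv
import io
from collections import Counter

# Constructed sample rows. Column names and values are assumptions,
# not the PAN-OS export schema.
SAMPLE_CSV = """sni,policy_name,tls_version,key_exchange,encryption_algorithm,error
shop.example.com,decrypt-outbound,TLS1.2,ECDHE,AES_256_GCM,
legacy.example.net,decrypt-outbound,TLS1.0,RSA,3DES_EDE_CBC,
legacy.example.net,decrypt-outbound,TLS1.0,RSA,3DES_EDE_CBC,
mail.example.org,decrypt-outbound,TLS1.3,ECDHE,AES_128_GCM,
pinned.example.io,decrypt-outbound,TLS1.2,ECDHE,AES_128_GCM,Client rejected certificate
old.example.com,no-decrypt-finance,TLS1.1,DHE,AES_128_CBC,
"""

# Assumed review thresholds; adjust to local policy.
WEAK_VERSIONS = {"SSL3.0", "TLS1.0", "TLS1.1"}
WEAK_CIPHER_MARKERS = ("3DES", "RC4", "NULL")


def classify(row):
    """Return the reasons a logged session deserves review (empty if none)."""
    reasons = []
    if row["tls_version"].strip().upper() in WEAK_VERSIONS:
        reasons.append("weak-protocol")
    cipher = row["encryption_algorithm"].upper()
    if any(marker in cipher for marker in WEAK_CIPHER_MARKERS):
        reasons.append("weak-cipher")
    if row["error"].strip():
        reasons.append("handshake-error")
    return reasons


def triage(csv_text):
    """Count flagged sessions per (SNI, reason) so repeat offenders stand out."""
    counts = Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        for reason in classify(row):
            counts[(row["sni"], reason)] += 1
    return counts


if __name__ == "__main__":
    for (sni, reason), n in sorted(triage(SAMPLE_CSV).items()):
        print(f"{sni:22} {reason:16} {n}")
```

Rows with no error only appear in such an export if the Decryption policy is configured to log successful TLS handshakes; with the default setting, the weak-protocol and weak-cipher checks see failed handshakes only.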