Decryption Options Tab

Select the
Options
tab to determine if the matched traffic should be decrypted or not. If
Decrypt
is set, specify the decryption type. You can also add additional decryption features by configuring or selecting a decryption profile.
Field
Description
Action
Select
decrypt
or
no-decrypt
for the traffic.
Type
Select the type of traffic to decrypt from the drop-down:
  • SSL Forward Proxy
    —Specifies that the policy will decrypt client traffic destined for an external server.
  • SSH Proxy
    —Specifies that the policy will decrypt SSH traffic. This option allows you to control SSH tunneling in policies by specifying the ssh-tunnel App-ID.
  • SSL Inbound Inspection
    —Specifies that the policy will decrypt SSL inbound inspection traffic.
Decryption Profile
Attach a decryption profile to the policy rule in order to block and control certain aspects of the traffic. For details on creating a decryption profile, select Objects > Decryption Profile.
Log Settings
Log Successful SSL Handshake
(
Optional
) Creates detailed logs of successful SSL Decryption handshakes. Disabled by default.
Logs consume storage space. Before you log successful SSL handshakes, ensure you have the resources available to store the logs. Edit
Device
Setup
Management
Logging and Reporting Settings
to check the current log memory allocation to and re-allocate log memory among log types.
Log Unsuccessful SSL Handshake
Creates detailed logs of unsuccessful SSL Decryption handshakes so you can find the cause of decryption issues. Enabled by default.
Logs consume storage space. To allocate more (or less) log storage space to Decryption logs, edit the log memory allocation (
Device
Setup
Management
Logging and Reporting Settings
).
Log Forwarding
Specify the method and location to forward GlobalProtect SSL handshake (decryption) logs.

Recommended For You