Activate Free Licenses for Decryption Features

Activate the free license required to get started with Decryption Port Mirroring.
Decrypting SSH traffic and SSL traffic (SSL internet traffic or SSL traffic to an internal server) does not require a license. However, you must activate a free license in order to enable Decryption Mirroring. The free license requirement ensures that this feature can only be used after the approved personnel purposefully activates the associated license.
In PAN-OS 10.1, the Decryption Broker feature and free license were replaced with Network Packet Broker (see the Networking Administrator’s Guide), which expands the broker’s capabilities to non-decrypted TLS traffic and non-TLS traffic in addition to decrypted TLS traffic. Network Packet Broker licenses are also free to download and install from the Customer Support Portal.
Follow these steps on the Palo Alto Networks Customer Support Portal to activate a decryption mirroring feature license.
  1. Select
    Assets
    Devices
    on the left-hand navigation pane.
  2. Find the device on which you want to enable decryption port mirroring and select
    Actions
    (the pencil icon).
  3. Under Activate Licenses, select
    Activate Feature License
    .
  4. Select the feature for which you want to activate a free license:
    Decryption Port Mirror
    .
  5. Agree and Submit
    .
  6. Install the decryption mirroring license on the firewall.
    1. Select
      Device
      Licenses
      .
    2. Click
      Retrieve license keys from the license server
      .
    3. Verify that the
      Decryption Port Mirror
      license is now active on the firewall.
    4. Restart the firewall (
      Device
      Setup
      Operations
      ). Decryption port mirroring is not available for configuration until the firewall reloads.

Recommended For You