Network Packet Broker

Network Packet Broker filters and forwards network traffic to an external security chain of one or more third-party security appliances. Network Packet Broker replaces the Decryption Broker feature introduced in PAN-OS 8.1 and expands its capabilities to include forwarding non-decrypted TLS traffic and non-TLS traffic (cleartext) as well as decrypted TLS traffic. The ability to handle all types of traffic is especially valuable in very high security environments such as financial and government institutions.
Network Packet Broker is supported for PA-7000 Series, PA-5400 Series, PA-5200 Series, PA-3200 Series devices and VM-300 and VM-700 models. It requires SSL Forward Proxy decryption to be enabled, where the firewall is established as a trusted third party (or man-in-the-middle) to session traffic.
A firewall interface cannot be both a decryption broker and a GRE tunnel endpoint.

Recommended For You