Decryption Licenses

Activate the free licenses required to get started with Decryption Broker and Decryption Port Mirroring.
No licenses are required to decrypt SSH traffic and SSL traffic (SSL internet traffic or SSL traffic to an internal server).
However, you must activate a free license in order to enable Decryption Broker and Decryption Mirroring. The free license requirement ensures that these features can only be used after the approved personnel purposefully activates the associated license.
Follow these steps on the Palo Alto Networks Customer Support Portal to activate a decryption broker or decryption mirroring feature license.
  1. Log in to the Customer Support Portal.
  2. Select AssetsDevices on the left-hand navigation pane.
  3. Find the device on which you want to enable decryption broker or decryption port mirroring and select Actions (the pencil icon).
  4. Under Activate Licenses, select Activate Feature License.
  5. Select the feature for which you want to activate a free license: Decryption Port Mirror or SSL Decryption Broker.
  6. Agree and Submit.
  7. Install the decryption broker or decryption mirroring license on the firewall.
    1. Select DeviceLicenses.
    2. Click Retrieve license keys from the license server.
    3. Verify that the SSL Decryption Broker or the Decryption Port Mirror license is now active on the firewall.
    4. Restart the firewall (DeviceSetupOperations). Decryption port mirroring and decryption broker are not available for configuration until the firewall reloads.

Related Documentation