Decryption Licenses

Activate the free licenses required to get started with Decryption Broker and Decryption Port Mirroring.
No licenses are required to decrypt SSH traffic and SSL traffic (SSL internet traffic or SSL traffic to an internal server).
However, you must activate a free license in order to enable Decryption Broker and Decryption Mirroring. The free license requirement ensures that these features can only be used after the approved personnel purposefully activates the associated license.
Follow these steps on the Palo Alto Networks Customer Support Portal to activate a decryption broker or decryption mirroring feature license.
  1. Select
    Assets
    Devices
    on the left-hand navigation pane.
  2. Find the device on which you want to enable decryption broker or decryption port mirroring and select
    Actions
    (the pencil icon).
  3. Under Activate Licenses, select
    Activate Feature License
    .
  4. Select the feature for which you want to activate a free license:
    Decryption Port Mirror
    or
    SSL Decryption Broker
    .
    decryption-licenses.png
  5. Agree
    and
    Submit
    .
  6. Install the decryption broker or decryption mirroring license on the firewall.
    1. Select
      Device
      Licenses
      .
    2. Click
      Retrieve license keys from the license server
      .
    3. Verify that the
      SSL Decryption Broker
      or the
      Decryption Port Mirror
      license is now active on the firewall.
    4. Restart the firewall (
      Device
      Setup
      Operations
      ). Decryption port mirroring and decryption broker are not available for configuration until the firewall reloads.

Related Documentation