The Next-Generation Firewall (NGFW) acts as a proxy between clients and servers during SSL Forward Proxy and SSL Inbound Inspection, making visibility into each proxied connection essential. However, decryption logs that lack this visibility, miss other critical details, or are difficult to analyze complicate monitoring and hinder troubleshooting. PAN-OS® 12.1 addresses these issues with comprehensive improvements to decryption logs.

Decryption log fields now distinguish between the client-side session (traffic between the client and NGFW) and the server-side session (traffic between the NGFW and server). These fields have a "client" or "server" prefix, enabling you to compare values and understand what is happening at each stage of the proxied connection. Fields that apply to the session as a whole, such as Session ID, do not have these labels.

In addition, new fields record decryption status, reasons for decryption exclusion, and certificate revocation status based on Online Certificate Status Protocol (OCSP) and Certificate Revocation List (CRL) checks. For example, Decryption Status records if a session was decrypted or not and whether it was by failure or design.

Further, existing error messages have been simplified, and new error messages have been added. These updates make it easier to interpret decryption log errors and identify the ones requiring more immediate attention.

All decryption log improvements are automatically enabled for platforms with decryption logging capabilities.