How Do I Know if Traffic Is Hitting a Decryption Policy?

This article is based on a discussion, how can I know that traffic is hitting a configured decryption policy ?, posted by @AKamal and answered by @OtakarKlier, @Panos, @VinceM, @Sraghunandan and @Adrian_Jensen. Read on to see the discussion and solution!

SSL decryption Policy question: How can I know that traffic is hitting a configured decryption policy ?

There's nothing in the Monitor Tab for decryption policies, nor can I get anything out of the CLI command "show log traffic rule equal DECRYPTION-RULE-NAME"

Any ideas ?

If traffic hits a rule and is decrypted you can see it from monitor/traffic log inside the Log Details
The following CLI commands are useful too
```
> show session all 
or
> show session all filter ssl-decrypt yes
```
If you see an asterisk under the 'Flag' column that means the session is getting decrypted.
There are a lot of hidden Columns in the logs. To add them into the view, click one of the column headers and then hover your mouse over the Columns chevron and the display options appear.

The ones you will want to have checked are the following:

NOTE: "Decryption Rule" must be a PAN-OS 10.x specific column as it does not show up in PAN-OS 9.x. However, you can test which decryption rule would apply to a given source/destination by using the 'Test Policy Match" tool at the bottom of the Decryption Policy page.

Additional information:

TechDocs: Troubleshoot and Monitor Decryption