Decryption Broker with Policy Based Forwarding

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

Decryption Broker with Policy Based Forwarding

L0 Member



I'd like to know if it is possible to use decryption broker with policy based forwarding on the same interface of the policy based forwarding as the scenarios is as the following :

We have a Bluecoat proxy connected to Palo Alto firewall using Policy Based Forwarding/Routing (PBR) so we want to know the possibility of making ssl decryption on palo alto and use decryption broker to send the traffic decrypted to Bluecoat on the Policy Based Forwarding interface.


Cyber Elite
Cyber Elite


You should be able to do this with several policy based forwarding policies. One would send traffic to the BlueCoat, and the other would send the traffic received from that interface to a different destination. However I would caution on this as you can overwhelm that interface pretty easily, so using two might be a better idea. 


I would obviously say that your PAN can do what the BlueCoat does and more, so use the PAN and skip the BlueCoat.



  • 1 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!