Does SSL decryption uses software or Hardware

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

Does SSL decryption uses software or Hardware

Cyber Elite
Cyber Elite

 

Need to confirm when we enable ssl decryption then it is resource intensive.

 

Does it uses both hardware and software resources?

MP

Help the community: Like helpful comments and mark solutions.
1 accepted solution

Accepted Solutions

@MP18,

PA-32xx and above (anything in the 5k or 7k series) does ssl decryption via dedicated hardware. The PA-2xx, PA-8xx, and PA-30xx are strictly software based. Regardless of what model you have the MP CPU usage will increase; it simply increases by a wider margin with the PA-2xx, PA-8xx and PA-30xx series devices. 

 

View solution in original post

4 REPLIES 4

Cyber Elite
Cyber Elite

@MP18,

You'll see a resource hit when you enable decryption, and the size of the hit depends on a number of metrics. I'd recommend that when you first enable decryption you start with a subset of users to see what your companies specific hit will actually be. Keep in mind that each platform will also have stats specific to SSL-Decryption on their datasheet, so that's one area you can look to see if you have large enough firewalls to actually support the feature.

 

Thanks for that info.

Need to know if SSL decryption is done by hardware on 5050 or 5220 PA?

MP

Help the community: Like helpful comments and mark solutions.

@MP18,

PA-32xx and above (anything in the 5k or 7k series) does ssl decryption via dedicated hardware. The PA-2xx, PA-8xx, and PA-30xx are strictly software based. Regardless of what model you have the MP CPU usage will increase; it simply increases by a wider margin with the PA-2xx, PA-8xx and PA-30xx series devices. 

 

Hello, 

Would it be possible to know the source of the information regarding the fact that SSL decryption is hardware for models greater than or equal to 32xxx?
I can't find anything about this :(.

  • 1 accepted solution
  • 3890 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!