Problems with ping due to SSL decryption

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Problems with ping due to SSL decryption

L4 Transporter


we have PA 220 model

and when we implement SSL decryption we can observe the ping delay in our trust interface.THE cpu load is 50 %

when we turn off the SSL decryption everything is normal


L4 Transporter

I think there is something else going on here. You cannot even add ping or ICMP traffic to a decryption policy and pings will not be decrypted and should not be impacted/impacting the load like that. I have a few 220s in the lab and have not seen this behavior. Might be time to look at logs and pcaps when you are seeing this behavior. 

Cyber Elite
Cyber Elite


As @hshawn mentioned the issue wouldn't be caused by SSL Decryption, but it certaintly could be putting enough of a load on your firewall that the issue is caused because of SSL Decryption. I would really look at the overall device health when you are enabling SSL-Decryption, such as SPS count and the like and see if your box isn't hitting some other limit other than CPU. 

  • 2 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!