we have PA 220 model
and when we implement SSL decryption we can observe the ping delay in our trust interface.THE cpu load is 50 %
when we turn off the SSL decryption everything is normal
I think there is something else going on here. You cannot even add ping or ICMP traffic to a decryption policy and pings will not be decrypted and should not be impacted/impacting the load like that. I have a few 220s in the lab and have not seen this behavior. Might be time to look at logs and pcaps when you are seeing this behavior.
As @hshawn mentioned the issue wouldn't be caused by SSL Decryption, but it certaintly could be putting enough of a load on your firewall that the issue is caused because of SSL Decryption. I would really look at the overall device health when you are enabling SSL-Decryption, such as SPS count and the like and see if your box isn't hitting some other limit other than CPU.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!