06-11-2024 06:19 AM - edited 06-11-2024 06:22 AM
I spent several hours yesterday trying to get decryption working. Everything kept coming back to being able to view the decryption log under Monitor>Logs>Decryption. However, my Palos did not have a "Decryption" option under Logs, and I could not figure out why, and could not find any documentation to explain why I could not see that option on my firewalls. Was it because I didn't have the right license? Was it a configuration setting somewhere that was not enabled? Was it because decryption just wasn't working and so there were no log messages to display?
I'm putting this here so that hopefully if someone else has the same problem they don't waste hours like I did trying to figure out why this thing that all the documentation says you can just find at Monitor>Logs>Decryption was nowhere to be found. (So frustration...)
The problem for me came down to the fact that we use RADIUS for normal access to our Palos. If I logged in with the local admin account, I was able to see the decryption log under the list of logs. Now I need to find out if there is a way to have RADIUS-authenticated admins receive Admin level access to the Palos so admins don't have to log in with the local admin account.
06-11-2024 04:17 PM
Hello @dsmall-pa
Thanks for the post.
Based on what you described, my first thought is that your RADIUS authenticated account is bound to a custom role that does not have decryption logs enabled. Below is a sample:
The decryption logs were introduced in PAN-OS 10.0 (Here is the reference: Verify Decryption), and it is possible that whoever created a custom role in an earlier version of PAN-OS prior to 10.0 enabled access to the log options available at that time. After decryption logs were introduced, this log option comes automatically as disabled; therefore it is not available to your RADIUS account.
I would recommend reviewing the settings for the custom role if this is indeed being used.
Kind Regards
Pavel