Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Who rated this post

L1 Bithead

Here is the actual solution to PCAP the decrypted traffic

 

  1. you have to install the free decryption port mirror license
  2. configure the decryption mirror port
  3. configure the decryption profile to mirror to the decrypt port
  4. attach the decryption profile to the decryption rule
  5. don't forget to commit 😉

     

Most of the steps above are covered here: https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/decryption/configure-decryption-port-mirr...

 

Then you can PCAP the decryption mirror port, and you will get decrypted data. It doesn't actually have to be plugged into anything, just configured.

 

 

View solution in original post

Who rated this post