Create a Decryption Profile

Create decryption profiles to control how SSL forward proxy and SSL inbound inspection perform session mode checks, server checks, and failure checks. You can create a maximum of 500 decryption profiles in each policy.

Before you can create a decryption profile:
Important

Some names are reserved by Palo Alto Networks®. If you create a policy component with a reserved name, the process fails with an error. See Reserved Names.
    1. On the navigation menu, click Identity & Security. Under Firewalls, click Network Firewall Policies.
    2. Click the policy.
    3. Under Policy resources, click Decryption profiles.
    4. Click Create decryption profile.
    5. Enter the information for the decryption profile:
      • Name: Enter a name for the decryption profile.
      • Type: Select a Decryption profile type. Use SSL inbound inspection if you plan to decrypt or inspect SSL/TLS traffic from internal users to the internet. Use SSL forward proxy if you plan to decrypt or inspect inbound SSL/TLS traffic from a client to a network server.
      • Specify the certificate verification, session mode checks, server checks, and failure checks that you want the decryption profile to perform on decrypted traffic.
    6. Click Create decryption profile.
  • Use the network-firewall decryption-profile create command and required parameters to create a decryption profile:

    oci network-firewall decryption-profile create --name my_decryption_profile \
        --network-firewall-policy-id <network firewall policy OCID> \
        --compartment-id <compartment OCID> \
        --type SSL_INBOUND_INSPECTION --vault-secret-ID <secret OCID> \
        --version-number <integer> ...[OPTIONS]

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Run the CreateDecryptionProfile operation to create a decryption profile.
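
A review check for the profile settings described above, as an added example (not Oracle's code): it lists which blocking checks in a decryption profile body are off or unset, and flags a policy that has reached the 500-profile limit. The camelCase field names and the SSL_FORWARD_PROXY type value are assumptions based on the Network Firewall API models; confirm them against the API reference.

```python
import json

MAX_PROFILES_PER_POLICY = 500  # limit stated on this page

# Blocking checks per profile type. Field names are assumptions taken from the
# Network Firewall API models; verify them against the API reference.
COMMON = ["isUnsupportedVersionBlocked", "isUnsupportedCipherBlocked",
          "isOutOfCapacityBlocked"]
CHECKS = {
    "SSL_INBOUND_INSPECTION": COMMON,
    "SSL_FORWARD_PROXY": COMMON + [
        "isExpiredCertificateBlocked", "isUntrustedIssuerBlocked",
        "isRevocationStatusTimeoutBlocked", "isUnknownRevocationStatusBlocked"],
}

def audit_profile(profile):
    """Return findings for one decryption profile body (a dict)."""
    ptype = profile.get("type")
    if ptype not in CHECKS:
        return [f"unknown profile type: {ptype!r}"]
    findings = []
    for field in CHECKS[ptype]:
        if field not in profile:
            findings.append(f"{field} not set (service default applies)")
        elif profile[field] is not True:
            findings.append(f"{field} is not enabled")
    return findings

def audit_policy(profiles):
    """Audit all profiles of one policy; returns {profile name: findings}."""
    report = {p.get("name", "<unnamed>"): audit_profile(p) for p in profiles}
    if len(profiles) >= MAX_PROFILES_PER_POLICY:
        report["<policy>"] = [
            f"{len(profiles)} profiles, limit is {MAX_PROFILES_PER_POLICY}"]
    return report

# Constructed sample profile bodies, not real tenancy data.
SAMPLE = json.loads("""[
  {"name": "inbound-web", "type": "SSL_INBOUND_INSPECTION",
   "isUnsupportedVersionBlocked": true, "isUnsupportedCipherBlocked": false},
  {"name": "egress-strict", "type": "SSL_FORWARD_PROXY",
   "isUnsupportedVersionBlocked": true, "isUnsupportedCipherBlocked": true,
   "isOutOfCapacityBlocked": true, "isExpiredCertificateBlocked": true,
   "isUntrustedIssuerBlocked": true, "isRevocationStatusTimeoutBlocked": true,
   "isUnknownRevocationStatusBlocked": true}
]""")

if __name__ == "__main__":
    for name, findings in audit_policy(SAMPLE).items():
        print(name, "->", findings or "all blocking checks enabled")
```

An unset field is reported separately from a disabled one because the effective value then depends on the service default rather than on the profile definition under review.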