Palo Alto Networks Knowledgebase: How to View Decrypted Traffic
How to View Decrypted Traffic
Created On 02/08/19 00:01 AM - Last Updated 02/08/19 00:01 AM
Zone and DoS Protection
This article will describe multiple ways to confirm whether traffic has been decrypted or not.
To confirm decrypt on the CLI, use the following command:
> show session all filter ssl-decrypt yes
Decrypted sessions will have an * (asterisk) associated with them. Viewing the session ID will mark application 'app-name (proxy)', confirming that session is decrypted.
To confirm that the traffic is decrypted inside the WebGUI > Monitor > Logs > Traffic. Click the magnifying glass icon in the traffic log entries to confirm that the connections were decrypted.
You will see the "Decrypted " checkbox checked when the traffic is decrypted.
Another way to validate the decrypted session is by enabling the column "Decrypted" as below Traffic logs . This can be done by clicking on the arrow down next to any column title and selecting the Columns > Decrypted.