Palo Alto Networks Knowledgebase: How to View Decrypted Traffic

How to View Decrypted Traffic

Created On 02/08/19 00:01 AM - Last Updated 02/08/19 00:01 AM
Device Management Initial Configuration Installation QoS Zone and DoS Protection

This article will describe multiple ways to confirm whether traffic has been decrypted or not.



To confirm decrypt on the CLI, use the following command:

> show session all filter ssl-decrypt yes


Decrypted sessions will have an * (asterisk) associated with them. Viewing the session ID will mark application 'app-name (proxy)', confirming that session is decrypted.



To confirm that the traffic is decrypted inside the WebGUI > Monitor > Logs > Traffic.  Click the magnifying glass icon in the traffic log entries to confirm that the connections were decrypted.


2017-11-08_decrypted2.jpgYou will see the "Decrypted " checkbox checked when the traffic is decrypted. 


Another way to validate the decrypted session is by enabling the column "Decrypted" as below Traffic logs . This can be done by clicking on the arrow down next to any column title and selecting the Columns > Decrypted.


2017-11-08_decrypted3.jpgTraffic logs after enabling the Decrypted column.


See also

SSL decryption resource list

The SSL decryption resource list has a long list of articles only dealing with SSL decryption. 


owner: bryan

  • Print
  • Copy Link

Choose Language