How to View Decrypted Traffic

Created On 09/25/18 19:43 PM - Last Modified 02/08/19 00:01 AM


Resolution

This article describes multiple ways to confirm whether traffic has been decrypted.

 

CLI

To confirm decryption on the CLI, use the following command:

> show session all filter ssl-decrypt yes

 

Decrypted sessions are marked with an * (asterisk) in the output. Viewing the details of a session by its session ID shows the application as 'app-name (proxy)', confirming that the session is decrypted.

 

WebGUI

To confirm that traffic is decrypted in the WebGUI, go to Monitor > Logs > Traffic. Click the magnifying glass icon next to a traffic log entry to confirm that the connection was decrypted.

 

You will see the "Decrypted" checkbox checked when the traffic is decrypted.

 

Another way to validate a decrypted session is to enable the "Decrypted" column in the Traffic logs, as shown below. To do this, click the down arrow next to any column title and select Columns > Decrypted.

Traffic logs after enabling the Decrypted column.

 

See also

SSL decryption resource list

The SSL decryption resource list is a long list of articles that deal only with SSL decryption.

 

owner: bryan


