Creating a Decryption Profile

Create decryption profiles to control how SSL forward proxy and SSL inbound inspection perform session mode checks, server checks, and failure checks. You can create a maximum of 500 decryption profiles in each policy.

Before you can create a decryption profile:

See Creating Network Firewall Policy Components for more information.

    1. Open the navigation menu and click Identity & Security. Under Firewalls, click Network Firewall Policies.
    2. Click on a policy in the list.
    3. In Policy resources, click on Decryption profiles.
    4. Click Create decryption profile.
    5. Enter the information for the decryption proflile:
      • Name: Enter a friendly name for the decryption profile. Avoid entering confidential information.
      • Type: Select a Decryption profile type. Use SSL inbound inspection if you plan to decrypt or inspect SSL/TLS traffic from internal users to the internet. Use SSL forward proxy if you plan to decrypt or inspect inbound SSL/TLS traffic from a client to a network server.
      • Specify the certificate verification, session mode checks, server checks, and failure checks that you want the decryption profile to perform on decrypted traffic.
    6. Click Create decryption profile.
  • Use the network-firewall decryption-profile create command and required parameters to create a decryption profile:

    oci network-firewall decryption-profile create --name my_decryption_profile --network-firewall-policy-id network firewall policy OCID --compartment-id compartment OCID
    --type SSL_INBOUND_INSPECTION --vault-secret-ID secret OCID --version-number integer ...[OPTIONS]

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Run the CreateDecryptionProfile operation to create a decryption profile.