Create a Decryption Profile

Create decryption profiles to control how SSL forward proxy and SSL inbound inspection perform session mode checks, server checks, and failure checks. You can create a maximum of 500 decryption profiles in each policy.

Before you can create a decryption profile:

Create a mapped secret.

Important

Some names are reserved by Palo Alto Networks®. If you create a policy component with a reserved name, the process fails with an error. See Reserved Names.

1. On the navigation menu, click Identity & Security. Under Firewalls, click Network Firewall Policies.
2. Click the policy.
3. Under Policy resources, click Decryption profiles.
4. Click Create decryption profile.
5. Enter the information for the decryption profile:
  
  Name: Enter a name for the decryption profile.
  
  Type: Select a Decryption profile type. Use SSL inbound inspection if you plan to decrypt or inspect SSL/TLS traffic from internal users to the internet. Use SSL forward proxy if you plan to decrypt or inspect inbound SSL/TLS traffic from a client to a network server.
  
  Specify the certificate verification, session mode checks, server checks, and failure checks that you want the decryption profile to perform on decrypted traffic.
6. Click Create decryption profile.

Use the network-firewall decryption-profile create command and required parameters to create a decryption profile:

oci network-firewall decryption-profile create --name my_decryption_profile --network-firewall-policy-id network firewall policy OCID --compartment-id compartment OCID
--type SSL_INBOUND_INSPECTION --vault-secret-ID secret OCID --version-number integer ...[OPTIONS]

For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

Run the CreateDecryptionProfile operation to create a decryption profile.

Oracle Cloud Infrastructure Documentation

Create a Decryption Profile