Create a Decryption Profile

Create decryption profiles to control how SSL forward proxy and SSL inbound inspection perform session mode checks, server checks, and failure checks. You can create a maximum of 500 decryption profiles in each policy.

Before you can create a decryption profile, you must create a mapped secret.

Important: Some names are reserved by Palo Alto Networks® and can't be used.

    1. Open the navigation menu, and select Identity & Security. Under Firewalls, select Network Firewall policies.
    2. Select the compartment that contains the policy in which you want to create the decryption profile.
    3. Select the policy.
    4. On the details page, select the TLS decryption tab.
    5. From within the Decryption profiles table, select Create decryption profile.
    6. Enter the name for the decryption profile. Avoid entering confidential information.
    7. Under Decryption profile type, select the following options:
      • Select SSL inbound inspection if you plan to decrypt or inspect SSL/TLS traffic from internal users to the internet.
      • Select SSL forward proxy if you plan to decrypt or inspect inbound SSL/TLS traffic from a client to a network server.
    8. Specify the server certificate verification, unsupported mode checks, and failure checks that you want the decryption profile to perform on decrypted traffic.
    9. Select Create decryption profile.
  • Use the network-firewall decryption-profile create command and required parameters to create a decryption profile:

    oci network-firewall decryption-profile create --name my_decryption_profile --network-firewall-policy-id <network firewall policy OCID> --compartment-id <compartment OCID> \
        --type SSL_INBOUND_INSPECTION --vault-secret-id <secret OCID> --version-number <integer> ...[OPTIONS]

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Run the CreateDecryptionProfile operation to create a decryption profile.
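
The checks chosen in step 8 decide which sessions the firewall still lets through, so it is worth auditing a profile after creating it. The following is an added example, not part of the original documentation: it takes decryption profile JSON and lists the checks left disabled for each profile type. The boolean field names are assumed to match the Network Firewall API decryption profile models, the grouping into the three categories is this example's own, and the sample profiles are constructed.

```python
import json

# Checks per profile type. Field names are assumed to follow the OCI Network
# Firewall API models; the category labels are this example's own grouping.
CERT, MODE, FAIL = ("server certificate verification",
                    "unsupported mode check", "failure check")
CHECKS = {
    "SSL_INBOUND_INSPECTION": {
        "isUnsupportedVersionBlocked": MODE,
        "isUnsupportedCipherBlocked": MODE,
        "isOutOfCapacityBlocked": FAIL,
    },
    "SSL_FORWARD_PROXY": {
        "isExpiredCertificateBlocked": CERT,
        "isUntrustedIssuerBlocked": CERT,
        "isUnknownRevocationStatusBlocked": CERT,
        "isRevocationStatusTimeoutBlocked": CERT,
        "areCertificateExtensionsRestricted": CERT,
        "isUnsupportedVersionBlocked": MODE,
        "isUnsupportedCipherBlocked": MODE,
        "isOutOfCapacityBlocked": FAIL,
    },
}

def audit_profile(profile):
    """Return sorted (field, category) pairs for checks that are off or missing."""
    ptype = profile.get("type")
    if ptype not in CHECKS:
        raise ValueError(f"unknown decryption profile type: {ptype!r}")
    # Only a JSON boolean true counts as enabled; absent, null or a string does not.
    return sorted((field, category)
                  for field, category in CHECKS[ptype].items()
                  if profile.get(field) is not True)

# Constructed sample profiles (not real tenancy data).
SAMPLE = json.loads("""[
  {"name": "inbound-strict", "type": "SSL_INBOUND_INSPECTION",
   "isUnsupportedVersionBlocked": true, "isUnsupportedCipherBlocked": true,
   "isOutOfCapacityBlocked": true},
  {"name": "forward-lax", "type": "SSL_FORWARD_PROXY",
   "isExpiredCertificateBlocked": true, "isUntrustedIssuerBlocked": true,
   "isUnknownRevocationStatusBlocked": false,
   "isRevocationStatusTimeoutBlocked": false,
   "areCertificateExtensionsRestricted": true,
   "isUnsupportedVersionBlocked": true, "isUnsupportedCipherBlocked": true}
]""")

if __name__ == "__main__":
    for p in SAMPLE:
        findings = audit_profile(p)
        print(p["name"], "OK" if not findings else findings)
```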