Which prerequisite must be satisfied before creating an SSH proxy Decryption policy?
Which prerequisite must be satisfied before creating an SSH proxy Decryption policy?
Before creating an SSH proxy Decryption policy, the SSH keys must be manually generated. SSH keys are essential for handling the encryption and decryption of SSH traffic. SSL certificates are typically used for HTTPS traffic rather than SSH, making options involving SSL certificates irrelevant for SSH proxy. Therefore, the accurate prerequisite is the generation of SSH keys.
Per the Palo Alto URL provided: Configuring SSH Proxy does not require certificates and the key used to decrypt SSH sessions is generated automatically on the firewall during boot up. With SSH decryption enabled, all SSH traffic identified by the policy is decrypted and identified as either regular SSH traffic or as SSH tunneled traffic. SSH tunneled traffic is blocked and restricted according to the profiles configured on the firewall. Traffic is re-encrypted as it exits the firewall. Answer B is correct.
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/decryption/configure-ssh-proxy
B is correct
No prereq for SSH proxy