Which two actions must an engineer take to configure SSL Forward Proxy decryption? (Choose two.)
Which two actions must an engineer take to configure SSL Forward Proxy decryption? (Choose two.)
To configure SSL Forward Proxy decryption, an engineer must configure SSL decryption rules and define a Forward Trust Certificate. The SSL decryption rules are necessary to set the criteria for when and how decryption occurs. The Forward Trust Certificate is crucial because it establishes trust with clients, allowing the proxy to decrypt and inspect SSL traffic. While configuring a decryption profile can enhance security by specifying protocols and algorithms, it is not strictly required to set up basic SSL Forward Proxy decryption.
On the 1/23/24 exam
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/decryption/configure-ssl-forward-proxy Although Decryption profiles are optional, it is a best practice to include a Decryption profile with each Decryption policy rule to prevent weak, vulnerable protocols and algorithms from allowing questionable traffic on your network.
The questuion qis "Which two actions must " Decryption profile is optional. So correct answer is B a and C
on exam 06/10/2024
Answer C, B I have just tested in lab, you def need SSL Forward Trust Cert and you configure a Decryption Policy Rule under Policies >> Decryption >> Add with Source Zone, Destination Zone and Options of SSL Forward Proxy.
Answer BC: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/decryption/configure-ssl-forward-proxy --> there it states that a forward trust cert as well as a decryption rule are necessary, a decryption profile is optional
Profile is not mandatory.
B and C correct
You don't need to configure decryption profile, there is already one predefined (default) and this decryption profile you don't even need to apply in a decryption policy rule.
B and C correct