An engineer needs to see how many existing SSL decryption sessions are traversing a firewall.
What command should be used?
An engineer needs to see how many existing SSL decryption sessions are traversing a firewall.
What command should be used?
The correct command to see how many existing SSL decryption sessions are traversing a firewall is 'show dataplane pool statistics | match proxy'. This command examines the dataplane pool statistics and filters them to match SSL proxy sessions, allowing the engineer to see the required information.
A - not exist B - correct https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClhdCAC C - not exist D - incorect - should be - show session all filter application ssl (but show all session, not a count number of sessions)
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClhdCAC
I agree b) show session all can be useful command, but on a production network with thousands of sessions it'd take a while to count how many there were.
Could be B as per al1234 Could be D as per mizuno92 except the full command required is 'show session all filter ssl-decrypt yes count yes' I'm going to guess B is 'better' between these two
B - correct https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClhdCAC
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClhdCAC
B https://kb.itzecurity.com/2014/04/how-to-implement-ssl-decryption.html#:~:text=To%20see%20how%20many%20existing%20SSL%20decryption%20sessions,there%20are%205%20SSL%20sessions%20being%20decrypted%20%281024%E2%80%931019%3D5%29%3A
Helpful CLI Commands To see how many existing SSL decryption sessions are going through the device, use this CLI command: > debug dataplane pool statistics | match proxy https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClEZCA0
B is the most correct and exact answer
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClsVCAS