How to track performance issues due to SSL decryption


#1

As I understand it, SSL decryption is incredibly valuable but there can be times when the decryption impacts the performance of the PAN device and a lot of our users want to know how to quickly identify how it impacts the performance, whether it’s a CPU or memory spike. There are also times when packets are dropped due to the inability to decrypt SSL traffic.

How would someone go through the process of troubleshooting this? I understand certain models leverage software to handle SSL decryption (and impacting the MP CPU) while others leverage hardware.

@Brad_Spilde @Satya_Sreenivas @Satya_Sreenivas1


#2

Here are several useful links in diagnosing SSL Decryption issues. I cannot however find anything related to looking at CPU utilization specifically relating to SSL Decryption.

High CPU (in general)

Overall SSL Decryption Resource List

How to View SSL Decryption Information from the CLI

When looking at CPU utilization you can eliminate SSL Decryption from the cause by seeing things like log receiver or useridd as the top CPU consumers in “show system resources follow” via CLI. I believe the SSL is handled by a “proxy” process ID.