You don't need to configure decryption profile, there is already one predefined (default) and this decryption profile you don't even need to apply in a decryption policy rule.
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/decryption/configure-ssl-forward-proxy
Although Decryption profiles are optional, it is a best practice to include a Decryption profile with each Decryption policy rule to prevent weak, vulnerable protocols and algorithms from allowing questionable traffic on your network.
Answer BC:
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/decryption/configure-ssl-forward-proxy --> there it states that a forward trust cert as well as a decryption rule are necessary, a decryption profile is optional
Answer C, B
I have just tested in lab, you def need SSL Forward Trust Cert and you configure a Decryption Policy Rule under Policies >> Decryption >> Add with Source Zone, Destination Zone and Options of SSL Forward Proxy.
upvoted 2 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
weze1336
5 days, 1 hour agotonja
2 months, 4 weeks agohdrnzienlaoroljol
3 months agojens23
3 months, 1 week agoMarshpillowz
4 months, 1 week agoKaifus
4 months, 3 weeks agod34a5eb
5 months agotamaster22
5 months, 1 week agocx777o
5 months, 1 week agofranko_72
5 months, 2 weeks ago