Create a Mapped Secret

Create mapped secrets to use in decryption profiles to decrypt and inspect SSL/TLS traffic with SSL forward proxy or SSL inbound inspection.

Before you can create a mapped secret:
You can create a maximum of 300 SSL inbound inspection mapped secrets. You can create a maximum of one SSL forward proxy mapped secret.
Important: Some names are reserved by Palo Alto Networks® and can't be used.
    1. On the navigation menu, select Identity & Security. Go to Firewalls, then select Network Firewall Policies.
    2. Select the policy.
    3. Under Policy resources, select Mapped secrets.
    4. Select Create mapped secret.
    5. In the Mapped secret name box, enter a name.
    6. In the Mapped secret type list, do one of the following:
      • To decrypt or inspect SSL/TLS traffic from internal users to the internet, select SSL inbound inspection.
      - or -
      • To decrypt or inspect inbound SSL/TLS traffic from a client to a network server, select SSL forward proxy.
    7. In the Vault list, select the vault that contains the secret you want to map to the inbound or outbound key.
    8. In the Secret list, select the secret.
    9. In the Version number list, select the secret version.
    10. Select Create mapped secret.
  • Use the network-firewall mapped-secret create command and required parameters to create a mapped secret:

    oci network-firewall mapped-secret create --name my_mapped_secret --source OCI_VAULT \
      --network-firewall-policy-id <network_firewall_policy_OCID> --compartment-id <compartment_OCID> \
      --type SSL_INBOUND_INSPECTION --vault-secret-id <secret_OCID> --version-number <integer> [OPTIONS]

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Run the CreateMappedSecret operation to create a mapped secret.
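
A pre-flight wrapper around the CLI command above, as an added example that is not Oracle's code: it enforces the limits stated on this page (300 SSL inbound inspection, one SSL forward proxy) before the command is run. The function names, the `OCI` dry-run variable, the placeholder OCIDs and the `ocid1.vaultsecret.` prefix check are assumptions; how you collect the types of the mapped secrets already in the policy is left to you.

```shell
# Limits stated on this page
MAX_INBOUND=300   # SSL inbound inspection mapped secrets
MAX_FORWARD=1     # SSL forward proxy mapped secrets
OCI=${OCI:-echo}  # dry run by default (prints the arguments); set OCI=oci to execute

# preflight TYPE VERSION SECRET_OCID EXISTING
#   EXISTING: types of the mapped secrets already in the policy, one per line.
# Returns 0 when the request passes, otherwise a distinct non-zero code.
preflight() {
  local type="$1" version="$2" secret="$3" existing="$4" limit count
  case $type in
    SSL_INBOUND_INSPECTION) limit=$MAX_INBOUND ;;
    SSL_FORWARD_PROXY)      limit=$MAX_FORWARD ;;
    *) echo "unknown mapped secret type: $type" >&2; return 2 ;;
  esac
  case $version in
    ''|*[!0-9]*) echo "version number must be an integer" >&2; return 3 ;;
  esac
  # Assumption: Vault secret OCIDs begin with "ocid1.vaultsecret."; this catches
  # a policy or compartment OCID pasted into the wrong parameter.
  case $secret in
    ocid1.vaultsecret.*) ;;
    *) echo "not a Vault secret OCID: $secret" >&2; return 4 ;;
  esac
  count=$(printf '%s\n' "$existing" | grep -cxF -- "$type" || true)
  if [ "$count" -ge "$limit" ]; then
    echo "limit reached: $count of $limit $type mapped secrets" >&2
    return 5
  fi
}

# create_mapped_secret NAME TYPE POLICY_OCID COMPARTMENT_OCID SECRET_OCID VERSION EXISTING
# Every value is passed as its own quoted argument, so nothing is word-split.
create_mapped_secret() {
  preflight "$2" "$6" "$5" "$7" || return
  $OCI network-firewall mapped-secret create --name "$1" --source OCI_VAULT \
    --network-firewall-policy-id "$3" --compartment-id "$4" \
    --type "$2" --vault-secret-id "$5" --version-number "$6"
}

# Constructed inventory and placeholder OCIDs, for illustration only.
EXISTING=$(printf '%s\n' SSL_FORWARD_PROXY SSL_INBOUND_INSPECTION)
POLICY=ocid1.networkfirewallpolicy.oc1..examplepolicy
COMPARTMENT=ocid1.compartment.oc1..examplecompartment
SECRET=ocid1.vaultsecret.oc1..examplesecret
create_mapped_secret in1 SSL_INBOUND_INSPECTION "$POLICY" "$COMPARTMENT" "$SECRET" 1 "$EXISTING"
create_mapped_secret fp2 SSL_FORWARD_PROXY "$POLICY" "$COMPARTMENT" "$SECRET" 1 "$EXISTING" ||
  echo "second forward proxy secret refused"
```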