I was attempting to inspect traffic from an external source to my lab environment. My lab instance is configured to use a public private key (PPK) file for authentication. I configured the Palo traffic policy rule to allow traffic flow from outside to lab and tested it successfully. Then configured the decryption rule and activated it, which broke communication.

Using Wireshark to follow the conversation I saw the firewall advertising the ciphers that it is willing to use, which matched the ciphers Putty was advertising. However, the SSL handshake was not happening and I could not SSH to my lab instance with the decryption rule turn on.

After some research I found out that we cannot proxy or decrypt certificate-based client authentication because they are cryptographically static. The solution to my problem was to change the lab instance to use, username password authentication.

Hope this helps