Traffic Replication in Prisma Access (Strata Cloud Manager)
Learn how to replicate Prisma Access traffic in Prisma Access (Managed by Strata Cloud Manager).
To configure traffic replication and access the PCAP files, complete the following steps.
  1. Onboard and configure Mobile Users—GlobalProtect for the locations where you want to enable Traffic Replication and Commit and Push your changes.
    You must have the Mobile Users—GlobalProtect locations enabled before enabling traffic replication for those locations.
  2. (Optional) Apply SSL decryption on the packet captures.
    1. Go to Prisma Access (Managed by Strata Cloud Manager) and select Prisma Access Setup > Prisma Access > Traffic Replication and click the gear to edit the Settings.
    2. Enable Packet captures after applying SSL decryption rules to apply your already-configured SSL decryption policies on the PCAP files.
      Only traffic that matches the inline SSL decryption policy will be decrypted.
      If you select this option, the PCAP files will use the same decryption rules that you have specified in your deployment. If you deselect this option, no decryption will be performed on the PCAP files, regardless of the decryption rules you have configured.
  3. For Traffic Replication encryption certificate, select any certificate you have added in the Objects > Certificate Management > Certificates > Custom Certificates > Generate page or Import the certificate to use for SSL decryption.
    The certificate consists of a public and private key. Upload the public key in Prisma Access; you keep the private key and use it for decryption when you download the zipped PCAP files from the storage bucket. In this way, you guarantee that only your organization can access the storage bucket where the PCAP files are stored.
  4. Configure the GCP service account you created in Step 1.
    Traffic replication is supported only for GCP accounts. This service account is used to share read-only access to the storage buckets where the PCAP files are stored in the locations where you have enabled traffic replication. You create these service accounts in your GCP account using normal GCP service account creation procedures. It is your responsibility to control which users have access to these service accounts. Any user who has access to both the PCAP files and the private key has access to the PCAP files.
    1. In the Access Management area, Add Account details to share read-only access to the storage buckets where the PCAP files are stored.
    2. Enter the following parameters:
      • Give the account a unique Account Name.
      • Specify GCP as the Type for the account.
      • Specify the Account information from the GCP service account you created.
      • Enter a Member/User name for the GCP service account.
  5. Configure traffic replication for one or more Mobile User locations.
    1. In the Traffic Replication area, select the locations where you want to enable traffic replication, then select Mobile Users.
      You select the Compute Location that is associated with Prisma Access Locations. Traffic replication is enabled for all Mobile Users clients connected to the selected locations.
  6. Save the configuration.
  7. Commit and push your changes.
    1. Select Manage > Operation > Push Config.
    2. Select Mobile Users Container in the Push Scope, then Push Config and Push your changes.
    3. Review the push targets and Push.
  8. Check the status of traffic replication by going to Prisma Access Setup > Prisma Access > Traffic Replication.
  9. Download the PCAP files.
    Use the Cloud Storage Links to access the PCAP files in your GCP storage buckets.
    • These storage buckets support the same regular operations, commands, and queries as any other GCP storage buckets.
    • You can download PCAP data for up to 72 hours. After 72 hours, the files are permanently deleted.
    • Files are encrypted using your public key.
    • Maximum file size is 200 MB or 5 minutes of packet capture, whichever is smaller.
    1. List the files in your service by entering gsutil ls gs://<storage_bucket_link>/, where <storage_bucket_link> is the storage link in your GCP service account where the files are stored.
    2. Download the files from your service account by entering gsutil cp gs://<storage_bucket_link>/<file_name> <destination folder>, where:
      • <storage_bucket_link> is the storage link in your GCP service account where the files are stored.
      • <file_name> is the name of the PCAP file.
      • <destination folder> is the folder where you want the PCAP file to be downloaded.
    3. Unzip the downloaded files.
    4. Decrypt the downloaded files.
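
Because files are permanently deleted after 72 hours, download order matters during an investigation. The following added example (not part of the vendor documentation) parses the output of gsutil ls -l for the bucket and ranks the archives by time left before deletion. It assumes the 72 hours are counted from each object's creation timestamp; the bucket and file names in the sample listing are constructed.

```python
from datetime import datetime, timedelta, timezone

RETENTION = timedelta(hours=72)  # from the page: files are deleted after 72 hours

# Constructed sample of `gsutil ls -l gs://<storage_bucket_link>/` output.
# Bucket and object names are placeholders, not real Prisma Access names.
SAMPLE_LISTING = """\
  20971520  2024-04-30T23:00:00Z  gs://example-bucket/capture-0.zip
 104857600  2024-05-01T08:00:00Z  gs://example-bucket/capture-a.zip
  52428800  2024-05-03T06:30:00Z  gs://example-bucket/capture-b.zip
   1048576  2024-05-04T01:15:00Z  gs://example-bucket/capture-c.zip
TOTAL: 4 objects, 179306496 bytes (171 MiB)
"""


def parse_listing(text):
    """Yield (url, size_bytes, created_utc) for each object line of `gsutil ls -l`."""
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) != 3 or not parts[0].isdigit():
            continue  # skip the TOTAL line, blank lines and prefix-only lines
        size, stamp, url = parts
        created = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")
        yield url.strip(), int(size), created.replace(tzinfo=timezone.utc)


def download_plan(text, now, urgent_within=timedelta(hours=12)):
    """Return objects sorted by deletion deadline, tagged expired / urgent / ok.

    Assumption: the 72-hour clock starts at the object's creation timestamp.
    """
    plan = []
    for url, size, created in parse_listing(text):
        deadline = created + RETENTION
        left = deadline - now
        if left <= timedelta(0):
            status = "expired"  # listing is stale; the object is likely gone
        elif left <= urgent_within:
            status = "urgent"
        else:
            status = "ok"
        plan.append({"url": url, "size": size, "deadline": deadline, "status": status})
    return sorted(plan, key=lambda item: item["deadline"])


if __name__ == "__main__":
    now = datetime(2024, 5, 4, 2, 0, tzinfo=timezone.utc)  # fixed "now" for the sample
    for item in download_plan(SAMPLE_LISTING, now):
        print(item["status"], item["deadline"].isoformat(), item["size"], item["url"])
```

To use it on a real bucket, pass the captured text of gsutil ls -l and datetime.now(timezone.utc) to download_plan, then copy the "urgent" objects first.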
