To use the Decryption Port Mirror feature, you must select the
Decrypt Mirror interface type. This feature creates
a copy of decrypted traffic from a firewall and sends it to a
traffic collection tool that can receive raw packet captures (such
as NetWitness or Solera) for archiving and analysis. Organizations that
require comprehensive data capture for forensic and historical purposes
or data leak prevention (DLP) functionality require this feature.
To enable the feature, you must acquire and install the free license.
Decryption port mirroring is not available on the VM-Series
for public cloud platforms (AWS, Azure, Google Cloud Platform),
VMware NSX, and Citrix SDX.
To configure a decrypt mirror interface, click the name of an
Interface (ethernet1/1, for example) that is not configured and
specify the following information.
Decrypt Mirror Interface Settings
The interface name is predefined and you
cannot change it.
Enter an optional description for the interface.
Select the interface speed in Mbps (
), or select
have the firewall automatically determine the speed.
Select whether the interface transmission
mode is full-duplex (