Decryption mirroring creates a copy of decrypted traffic
from a firewall and sends it to a traffic collection tool such as
NetWitness or Solera, which can receive raw packet captures for
archiving and analysis. Organizations that require comprehensive
data capture for forensic and historical purposes or for data leak
prevention (DLP) can install a free license to enable the feature.
Keep in mind that the decryption, storage, inspection, and/or
use of SSL traffic is governed in certain countries and user consent
might be required in order to use the decryption mirror feature.
Additionally, use of this feature could enable malicious users with
administrative access to the firewall to harvest usernames, passwords,
social security numbers, credit card numbers, or other sensitive
information submitted using an encrypted channel. Palo Alto Networks
recommends that you consult with your corporate counsel before activating
and using this feature in a production environment.