The decryption mirroring feature provides the capability
to create a copy of decrypted traffic from a firewall and send it
to a traffic collection tool that is capable of receiving raw packet
captures, such as NetWitness or Solera, for archiving and analysis.
This feature is necessary for organizations that require comprehensive
data capture for forensic and historical purposes or data leak prevention
(DLP) functionality. Decryption mirroring is available on PA-7000
Series, PA-5000 Series and PA-3000 Series platforms only and requires
that a free license be installed to enable this feature.

Keep in mind that the decryption, storage, inspection, and/or
use of SSL traffic is governed in certain countries and user consent
might be required in order to use the decryption mirror feature.
Additionally, use of this feature could enable malicious users with
administrative access to the firewall to harvest usernames, passwords,
social security numbers, credit card numbers, or other sensitive
information submitted using an encrypted channel. Palo Alto Networks
recommends that you consult with your corporate counsel before activating
and using this feature in a production environment.