To use the Decryption Port Mirror feature, you must select the
Decrypt
Mirror
interface type. This feature enables creating
a copy of decrypted traffic from a firewall and sending it to a
traffic collection tool that can receive raw packet captures—such
as NetWitness or Solera—for archiving and analysis. Organizations
that require comprehensive data capture for forensic and historical purposes
or data leak prevention (DLP) functionality require this feature. Decryption
port mirroring is only available on PA-7000 Series firewalls, PA-5000
Series firewalls, and PA‑3000 Series firewalls. To enable the feature, you
must acquire and install the free license.