(Supported on all models
except the VM-Series firewall on AWS, Azure, NSX edition, and Citrix
SDX.) | Select Forwarded Only if
you want to mirror decrypted traffic only after Security policy
enforcement. With this option, only traffic that is forwarded through
the firewall is mirrored. This option is useful if you are forwarding the
decrypted traffic to other threat detection devices, such as a DLP
device or another intrusion prevention system (IPS). If you clear
this selection (the default setting), the firewall will mirror all
decrypted traffic to the interface before security policies lookup,
which allows you to replay events and analyze traffic that generates
a threat or triggers a drop action. |