Traffic Replication for explicit proxy enables you to replicate traffic from
explicit proxy locations within your SASE environment to an external cloud-based
service.

Traffic Replication for explicit proxy addresses the challenge enterprises face
when transitioning from on-premises network security infrastructure to SASE by
preserving access to your packet captures (PCAPs) for threat investigation,
forensic analysis, and compliance requirements. Traffic replication makes a
complete copy of the traffic traversing the Prisma Access explicit proxy
available for analysis.

When you enable Traffic replication for explicit proxy, Prisma Access
captures and replicates all traffic, including SSL-decrypted content when configured
with the appropriate decryption rules. This capability enables you to meet
regulatory requirements. The replicated traffic is secured while in motion and at
rest, with no alterations to the original packet form, ensuring both directions of
communication are preserved without packet loss.

Traffic replication for explicit proxy extends the existing capabilities
already available for mobile users and remote networks, providing consistent traffic
visibility across all Prisma Access connection methods. You can use this feature
with various third-party network detection and response (NDR) tools for enhanced
security analytics. The replicated traffic is stored as PCAP files in Cloud Object
Storage, where they remain available for 72 hours, giving your security teams
adequate time to download and analyze the data with your preferred forensic
tools.

You can enable Traffic replication selectively for specific explicit proxy
locations to control data volume, and the system automatically accommodates auto
scaling events and infrastructure changes to ensure continuous replication. The
functionality operates without affecting existing Prisma Access performance or
capabilities, providing you with valuable security insights without compromising the
user experience.