TLS 1.3 and Pub/Sub Support for Traffic Replication

Table of Contents

Prisma® Access supports Pub/Sub notifications and TLSv1.3 decryption to improve how you manage traffic replication.

If you use Traffic Replication, Prisma® Access can minimize the challenges you encounter when you deploy third-party tools to deploy and use it:

Tools that consume the packet capture (PCAP) files require frequent queries of the buckets to cope with a large number of PCAP files. The tools might create overhead on the buckets and their use might be limited by the cloud providers.
When using the PCAP files for forensic analysis, accessing SSL decrypted traffic provides better efficacy. A significant amount of the traffic is TLS 1.3 encrypted and requires decryption.

To solve these challenges, Prisma Access offers these enhancements for efficiency and scalability:

Pub/Sub Notifications—Prisma Access proactively sends a publisher and subscriber (Pub/Sub) notification when the storage bucket receives a new PCAP file. Using Pub/Sub notifications for new PCAP files eliminates the need to develop tools that notify you when there are new files in the buckets.
TLS 1.3 Decryption Support—Prisma Access uses TLSv1.3 to decrypt PCAP files, which provides deeper visibility into your network traffic. However, this support applies only to remote network deployments where you have enabled the use of SSL/TLS decryption policy rules on PCAP files.