Configure Decryption Port Mirroring

Follow the steps below to enable Decryption Port Mirroring on your NGFW:

  1. Obtain and Install License:
    • Log in to the Customer Support Portal.
    • Navigate to the Assets tab.
    • Select your NGFW and choose Actions.
    • Select Decryption Port Mirror and acknowledge the legal notice.
    • Click Activate.
  2. Install License on NGFW:
    • On the NGFW, go to Device > Licenses.
    • Click Retrieve license keys from license server.
    • Verify that the license is active.
  3. Reboot NGFW:
    • Navigate to Device > Setup > Operations.
    • Click Reboot to apply the license.
  4. Allow Forwarding of Decrypted Content:
    • For single virtual system:
      • Go to Device > Setup > Content-ID.
      • Select Allow forwarding of decrypted content.
      • Click OK.
    • For multiple virtual systems:
      • Go to Device > Virtual Systems.
      • Select or create a Virtual System.
      • Select Allow forwarding of decrypted content.
      • Click OK.
  5. Configure Decrypt Mirror Interface:
    • Navigate to Network > Interfaces > Ethernet.
    • Select an unused Ethernet interface.
    • Set Interface Type to Decrypt Mirror.
    • Click OK.
  6. Create Decryption Profile:
    • Go to Objects > Decryption Profile.
    • Select the interface configured as Decrypt Mirror.
    • Specify whether to mirror traffic before or after policy enforcement.
    • Click OK.
  7. Attach Decryption Profile to Policy Rule:
    • Navigate to Policies > Decryption.
    • Select an existing rule or click Add to create a new one.
    • In the Options tab, select Decrypt and choose the created Decryption Profile.
    • Click OK.
  8. Commit Configuration:
    • Click Commit to apply all changes.

Configuration Flowchart

flowchart TD
    A[Start] --> B[Obtain License via Customer Support Portal]
    B --> C[Install License on NGFW]
    C --> D[Reboot NGFW]
    D --> E{Single or Multiple Virtual Systems?}
    E -->|Single| F[Device > Setup > Content-ID]
    E -->|Multiple| G[Device > Virtual Systems]
    F --> H[Allow Forwarding of Decrypted Content]
    G --> H
    H --> I[Configure Decrypt Mirror Interface]
    I --> J[Create Decryption Profile]
    J --> K[Attach Profile to Decryption Policy Rule]
    K --> L[Commit Configuration]
    L --> M[End]