Mirror and Decrypt
The Mirror and Decrypt feature performs these actions on Security Groups:
Action | Instructions |
---|---|
Only mirror of all traffic | Security Groups clone all traffic (including HTTPS without decryption) that passes through them and send it out of the designated physical interface. |
Mirror and Decrypt of HTTPS traffic | Security Groups clone all HTTPS traffic that passes through them, decrypt it, and send it in clear text out of the designated physical interface. |
You can add a third-party Recorder or Packet-Broker in your environment and forward to it the traffic that passes through Security Groups.
This Recorder or Packet-Broker must work in monitor (promiscuous) mode to accept the decrypted and mirrored traffic from Security Groups.
Security Groups work only with one Recorder, which is directly connected to a designated physical network interface (NIC) on the Security Groups.
Example Topology and Traffic Flow:
Item | Description |
---|---|
1 | |
2 | Security Group, through which networks (1) and (3) send and receive their traffic. |
3 | Second network that sends and receives traffic through the Security Group (2). |
4 | Designated physical interface on the Security Group (2). |
5 | Recorder, or Packet-Broker that works in a monitor (promiscuous) mode. |
A | Traffic flow between the first network (1) and the Security Group (2). |
B | Traffic flow between the second network (3) and the Security Group (2). |
C | Flow of the decrypted and mirrored traffic from the Security Group (2) to the Recorder, or Packet-Broker (5). |
Source MAC address of the decrypted and mirrored packets
Traffic | Source MAC address of the decrypted and mirrored packets |
---|---|
Mirror only of all traffic | MAC address of the designated physical interface. |
Mirror and Decrypt of HTTPS traffic | 00:00:00:00:00:00 |
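On the Recorder side, the source MAC address in the table above is enough to tell decrypted clear-text frames from mirror-only frames, and to flag frames that should not be arriving on that port at all. The following Python sketch is an added example, not vendor code: it reads a classic pcap capture and counts frames per category. The interface MAC `02:00:00:aa:bb:cc`, the function names and the sample capture are constructed for illustration.

```python
import struct
from collections import Counter

DECRYPTED_SRC = "00:00:00:00:00:00"   # source MAC of decrypted HTTPS frames (table above)
MIRROR_IF_MAC = "02:00:00:aa:bb:cc"   # constructed: MAC of the designated interface

def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def classify_frame(frame, mirror_if_mac=MIRROR_IF_MAC):
    """Classify one Ethernet frame by its source MAC (bytes 6..11)."""
    if len(frame) < 14:
        return "truncated"
    src = fmt_mac(frame[6:12])
    if src == DECRYPTED_SRC:
        return "decrypted-https"
    if src == mirror_if_mac.lower():
        return "mirror-only"
    return "unexpected"               # not produced by either mode: check cabling

def classify_pcap(data, mirror_if_mac=MIRROR_IF_MAC):
    """Count frame categories in a classic (non-pcapng) Ethernet capture."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    counts, off = Counter(), 24
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        counts[classify_frame(data[off:off + incl_len], mirror_if_mac)] += 1
        off += incl_len
    return counts

def sample_pcap():
    """Constructed capture: three frames; payload bytes are placeholders."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    dst = bytes.fromhex("ffffffffffff")
    frames = [
        dst + bytes(6) + b"\x08\x00" + b"cleartext",                    # decrypted
        dst + bytes.fromhex("020000aabbcc") + b"\x08\x00" + b"opaque",  # mirror only
        dst + bytes.fromhex("020000000099") + b"\x08\x00" + b"other",   # neither
    ]
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

if __name__ == "__main__":
    print(dict(classify_pcap(sample_pcap())))
```

A non-zero `unexpected` count means the Recorder port is receiving frames from something other than the designated interface.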