1

Designated network interface for Mirror and Decrypt:

1. Select a designated physical interface on your Security Gateway, or each cluster member.

   Important:

   • On cluster members, you must select an interface with the same name (for example, eth3 on each cluster member).
   • Select an interface with the largest available throughput (for example, 10G, 40G), because this interface passes the combined traffic from all other interfaces.
2. Assign a dummy IP address to the designated interface.

   Important - This IP address cannot collide with other IP addresses used in your environment. This IP address cannot belong to subnets used in your environment. Make sure to configure the correct subnet mask. After you enable traffic mirroring on this interface in SmartConsole, all other traffic that is routed to this interface is dropped.

3. On cluster members, you must configure this designated physical interface in the $FWDIR/conf/discntd.if file.

   Note - This prevents the interfaces that are not used from sending Cluster Control Protocol (CCP) packets that can overwhelm the Mirror and Decrypt recorders.

2

Maximum Transmission Unit (MTU) on the Mirror and Decrypt designated physical interface:

• MTU value has to be 1500 (default), or at least the maximum MTU value from other interfaces on the Security Gateway.

3

HTTPS Inspection for decrypting the HTTPS traffic:

• You must enable the HTTPS Inspection in SmartConsole in the object of the Security Gateway, Cluster, or Virtual System.
• You must configure the HTTPS Inspection Rule Base.

4

Access Rules for traffic you wish to Mirror and Decrypt:

• You must create special rules in the Access Control Policy for the traffic you wish to mirror and decrypt.