mirror-decrypt-traffic
Syntax
mirror-decrypt-traffic {
    interface interface-name;
    only-after-secruity-policies-enforcement;
    destination-mac-address mac-address;
}
Hierarchy Level
[edit services ssl proxy profile profile-name]
Description
Specify SSL decryption mirroring options to forward a copy of the SSL decrypted traffic to an external traffic collection device.
To use SSL decryption mirroring, configure the SSL decryption port mirroring interface on the SRX Series Firewall and the MAC address of the external mirror traffic collector port in an SSL proxy profile. Next, apply the SSL proxy profile as application services in the security policy. SSL traffic that matches the security policy rule is decrypted, and a copy of the decrypted traffic is forwarded to an external traffic collection device through the SSL decryption port mirroring interface.
Options
interface | SSL decryption port mirroring interface on the SRX Series Firewall. This is an Ethernet interface on the SRX Series Firewall through which the copy of the SSL decrypted traffic is forwarded to a mirror port. |
only-after-secruity-policies-enforcement | Forwards the copy of the decrypted traffic to the external mirror traffic collector after the Layer 7 security services are enforced through a security policy. By default, the SSL decrypted payload is forwarded to the external mirror traffic collector port before Layer 7 security services, including IDP, Juniper ATP Cloud, and Content Security, are enforced. When you choose to forward the copy after security policy enforcement and the decrypted payload is modified during enforcement, the modified decrypted payload is forwarded to the external traffic collection device. Similarly, if the decrypted traffic is dropped because of policy enforcement (for example, a threat is detected in the decrypted traffic), that decrypted traffic is not forwarded. |
destination-mac-address | MAC address of the external mirror traffic collector port. |
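The following audit script is an added example, not part of the Juniper documentation. It reads a configuration in "set" format and reports, per SSL proxy profile, whether decrypted-traffic mirroring is completely configured, whether the copy is taken before Layer 7 enforcement (the default), and whether any security policy applies the profile. The profile, policy, zone and interface names and the MAC addresses are constructed, and the policy line uses the general Junos application-services form, which this page does not show.

```python
import re
from collections import defaultdict

# Constructed sample in Junos "set" format; every name and address is made up.
SAMPLE = """\
set services ssl proxy profile inspect-a mirror-decrypt-traffic interface ge-0/0/2
set services ssl proxy profile inspect-a mirror-decrypt-traffic destination-mac-address 00:00:5e:00:53:01
set services ssl proxy profile inspect-b mirror-decrypt-traffic interface ge-0/0/3
set services ssl proxy profile inspect-b mirror-decrypt-traffic destination-mac-address 00:00:5e:00:53:02
set services ssl proxy profile inspect-b mirror-decrypt-traffic only-after-secruity-policies-enforcement
set services ssl proxy profile inspect-c mirror-decrypt-traffic interface ge-0/0/4
set security policies from-zone trust to-zone untrust policy p1 then permit application-services ssl-proxy profile-name inspect-a
set security policies from-zone trust to-zone untrust policy p2 then permit application-services ssl-proxy profile-name inspect-b
"""

MIRROR = re.compile(
    r"^set services ssl proxy profile (\S+) mirror-decrypt-traffic (\S+)(?: (\S+))?$")
# Assumption: policies reference the profile with the usual application-services form.
POLICY = re.compile(
    r"^set security policies .* policy (\S+) then permit "
    r"application-services ssl-proxy profile-name (\S+)$")

def audit(config):
    """Return {profile: list of findings} for each profile that mirrors decrypted traffic."""
    opts, policies = defaultdict(dict), defaultdict(list)
    for line in map(str.strip, config.splitlines()):
        if m := MIRROR.match(line):
            profile, key, value = m.groups()
            # The enforcement flag takes no value. Match it loosely so that the
            # spelling printed on this page and a corrected spelling both count.
            if key.startswith("only-after-") and key.endswith("-policies-enforcement"):
                key = "after-enforcement"
            opts[profile][key] = value or True
        elif m := POLICY.match(line):
            policies[m.group(2)].append(m.group(1))
    report = {}
    for profile, o in opts.items():
        findings = []
        if "interface" not in o or "destination-mac-address" not in o:
            findings.append("incomplete: interface and destination-mac-address are both needed")
        if "after-enforcement" not in o:
            findings.append("pre-enforcement: copy is forwarded before Layer 7 services run (default)")
        if not policies[profile]:
            findings.append("unused: no security policy applies this profile")
        report[profile] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, findings or ["ok"])
```

A "pre-enforcement" finding is not an error; it records that the collector sees the payload as decrypted, including traffic that IDP, Juniper ATP Cloud or Content Security go on to modify or drop.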
Required Privilege Level
services—To view this statement in the configuration.
services-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 18.4R1