mirror-decrypt-traffic

Syntax

Hierarchy Level

Description

Specify SSL decryption mirroring options to forward a copy of the SSL decrypted traffic to an external traffic collection device.

To use SSL decryption mirroring, configure the SSL decryption port mirroring interface on the SRX Series Firewall and the MAC address of the external mirror traffic collector port in an SSL proxy profile. Next, apply the SSL proxy profile as application services in the security policy. The SSL traffic matching the security policy rule is decrypted, and a copy of the decrypted traffic is forwarded to an external traffic collection device through the SSL decryption port mirroring interface.

Options

interface

SSL decryption port mirroring interface on the SRX Series Firewall. This is an Ethernet interface on the SRX Series Firewall through which the copy of the SSL decrypted traffic is forwarded to a mirror port.

only-after-security-policies-enforcement

Enables forwarding the copy of the decrypted traffic to the external mirror traffic collector after enforcing the Layer 7 security services through a security policy.

By default, forwarding of the SSL decrypted payload to the external mirror traffic collector port occurs before enforcing Layer 7 security services including IDP, Juniper ATP Cloud, and Content Security. When you choose to forward the copy of the decrypted traffic after security policies enforcement and the decrypted payload is modified while enforcing the security policy, the modified decrypted payload is forwarded to the external traffic collection device. Similarly, if the decrypted traffic is dropped because of policy enforcement (for example, a threat is detected in the decrypted traffic), that particular decrypted traffic is not forwarded.

destination-mac-address

MAC address of the external mirror traffic collector port.
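
The Python check below is an added example, not part of the Juniper documentation. It audits a set-format configuration for the conditions described above: each mirroring profile needs both an interface and a collector MAC address, must be applied in a security policy, and mirrors before Layer 7 enforcement unless the post-enforcement option is set. The profile names, interfaces, MAC address and policy in the sample are constructed, and the `set services ssl proxy profile` and `application-services ssl-proxy profile-name` paths are assumed from standard Junos syntax because this page does not show the hierarchy.

```python
import re

# Constructed sample configuration in Junos "set" format (all names and values are illustrative).
SAMPLE_CONFIG = """\
set services ssl proxy profile SSL-INSPECT mirror-decrypt-traffic interface ge-0/0/2.0
set services ssl proxy profile SSL-INSPECT mirror-decrypt-traffic destination-mac-address 00:00:5e:00:53:10
set services ssl proxy profile SSL-AUDIT mirror-decrypt-traffic interface ge-0/0/3.0
set services ssl proxy profile SSL-AUDIT mirror-decrypt-traffic only-after-security-policies-enforcement
set security policies from-zone trust to-zone untrust policy P1 then permit application-services ssl-proxy profile-name SSL-INSPECT
"""

# Assumed hierarchy: [edit services ssl proxy profile <name> mirror-decrypt-traffic]
MIRROR_RE = re.compile(
    r"^set services ssl proxy profile (\S+) mirror-decrypt-traffic (\S+)(?: (\S+))?$")
POLICY_RE = re.compile(
    r"^set security policies .* application-services ssl-proxy profile-name (\S+)$")
POST_ENFORCEMENT = "only-after-security-policies-enforcement"


def audit_mirroring(config_text):
    """Return {profile: [findings]} for every profile that configures mirroring."""
    profiles, applied = {}, set()
    for line in config_text.splitlines():
        line = line.strip()
        if m := MIRROR_RE.match(line):
            name, option, value = m.groups()
            profiles.setdefault(name, {})[option] = value or True
        elif m := POLICY_RE.match(line):
            applied.add(m.group(1))

    report = {}
    for name, opts in profiles.items():
        findings = [f"missing {req}"
                    for req in ("interface", "destination-mac-address")
                    if req not in opts]
        if name not in applied:
            findings.append("profile not applied in any security policy")
        if POST_ENFORCEMENT not in opts:
            # Default behaviour: the collector also receives payloads that
            # IDP, ATP Cloud or Content Security later drop or modify.
            findings.append("mirrors before Layer 7 enforcement (default)")
        report[name] = findings
    return report


if __name__ == "__main__":
    for profile, findings in audit_mirroring(SAMPLE_CONFIG).items():
        print(profile, "->", findings or ["ok"])
```
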

Required Privilege Level

services—To view this statement in the configuration.

services-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 18.4R1