Do Palo Alto firewalls support port mirror?
Created On 09/07/19 01:54 AM - Last Modified 04/05/21 21:48 PM
Question
Switches and routers support a feature called port mirroring, where the traffic of one port can be mirrored to a different port to be monitored. Do Palo Alto firewalls support such a feature?
Environment
- All Palo Alto hardware firewalls
- PAN-OS 7.1 and above
Answer
Palo Alto firewalls do not support typical port mirroring where the traffic of one port is mirrored to another port which can be monitored using software for analysis.
Additional Information
Although port mirroring is not supported, a feature called Decrypt mirroring is available. This feature provides the capability to create a copy of decrypted traffic from a firewall and send it to a traffic collection tool that is capable of receiving raw packet captures for archiving and analysis. Refer to Decrypt Mirroring for more details.
This feature can only capture "decrypted traffic".
In PAN-OS 7.1, Decryption mirroring is only available on PA-7000 Series, PA-5000 Series and PA-3000 Series platforms.
In PAN-OS 8.0, Decryption mirroring is only available on PA-7000 Series, PA-5200 Series, PA-5000 Series and PA-3000 Series platforms.
In PAN-OS 8.1 and above, Decryption mirroring is available on all hardware platforms.