Documentation | Support

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Working With Encrypted Data > SSL decryption port mirroring (appliance deployments)
SSL decryption port mirroring (appliance deployments)
Help | Content Gateway | v8.5.x
The Content Gateway proxy can be configured to decrypt HTTPS traffic for analysis. Port mirroring delivers all decrypted HTTPS traffic to a physical network interface. This allows a trusted service device to inspect and analyze the decrypted data for its own purpose. The trusted device, however, cannot modify the decrypted traffic and inject it back into the data stream.
SSL decryption port mirroring is available only when the proxy is hosted on a Forcepoint appliance. The feature can be enabled and configured using CLI commands.
 
* 
Important 
The mirror port interface should not be connected to a live network.
This feature is supported:
*
If SSL decryption is enabled
*
Using one of the interfaces on the Content Gateway appliance
*
For both IPv4 and IPv6
*
For both transparent and explicit proxy deployments
Only decrypted HTTPS traffic is delivered to the mirrored interface. The following SSL traffic is not delivered:
*
Traffic that is set to bypass decryption
*
Blocked traffic
*
Tunneled traffic
See the Forcepoint Appliances CLI Guide for information about configuring port mirroring.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Working With Encrypted Data > SSL decryption port mirroring (appliance deployments)
Copyright 2023 Forcepoint. All rights reserved.