We are looking to send traffic to a mirror port similar to the decrypt and mirror functionality for our global protect VPN. We essentially would like to mirror all traffic coming and going to clients connected to our global protect VPN to an external appliance. In order to be useful it needs to show the IP assigned to the client. We have looked at mirroring the external segment to another port or doing the same on the network, but it only shows the tunneling traffic.
Do you want to decrypt the user traffic (e.g. HTTPS) tunneled via GP IPSec/SSL VPN tunnel?
If so, the tunneled traffic (e.g. HTTPS; the Source IP will be the GP-assigned IP address) could hit an SSL Decryption Policy, if configured, & it can be forwarded to the Decryption Mirroring port (just like other decrypted traffic forwarded to the Decrypt Mirror port).
General document for Decryption Port Mirroring: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/decryption/configure-decryption-port-mirro...