: TLS 1.3 and PubSub Support for Traffic Replication
Focus
Focus

TLS 1.3 and PubSub Support for Traffic Replication

Table of Contents

TLS 1.3 and PubSub Support for Traffic Replication

Traffic replication supports TLS 1.3 and PubSub notifications.
If you're a large organization using Traffic Replication, you can have the following challenges in deploying and using it:
  • Tools that consume the packet capture (PCAP) files require frequent queries of the buckets to cope with a large number of PCAP files. The tools might create overhead on the buckets and their use might be limited by the cloud providers.
  • When using the PCAP files for forensic analysis, accessing SSL decrypted traffic provides better efficacy, and a significant amount of the traffic is TLS 1.3 encrypted.
To solve these issues, Prisma Access offers these enhancements that allow third-party tools to be more efficient and easier to scale:
  • Pub/Sub Notifications—Prisma Access proactively sends a Pub/Sub notification when a new PCAP file is uploaded to the storage bucket. Using Pub/Sub notifications for new PCAP files eliminates the need to develop tools that notify you when there are new files in the buckets.
  • TLS 1.3 Decryption Support—Prisma Access uses TLS 1.3 when decrypting PCAP files, thus providing deeper visibility into the traffic. This support applies to remote network deployments where you have enabled the use of SSL/TLS decryption policy rules on PCAP files.