Decryption Port Mirroring
The Decryption Port mirror feature provides the capability to create a copy of decrypted traffic from a firewall and send it to a traffic collection tool that is capable of receiving raw packet captures–such as NetWitness or Solera–for archiving and analysis. This feature is necessary for organizations that require comprehensive datacapture for forensic and historical purposes or data leak prevention (DLP) functionality.
Christopher Williamson commented
Also available on Palo Alto. Hope this comes to Sophos
Marshall Ringler commented
Absolutely! I use a Darktrace appliance to monitor all internal traffic, and need every port from every switch and router mirrored to the device. I'm really disappointed that this isn't a built-in function like it is for SonicWalls!