Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Port mirroring work arounds for TZ600

cyber_monkeycyber_monkey Newbie ✭
edited March 1 in Entry Level Firewalls

I need to forward all packets from my network to another device for sniffing and IDS, but I can't mirror traffic on the TZ 600 firewall. Is there any way to work around this?


Unless this screen works for that purpose?


Category: Entry Level Firewalls
Reply
Tagged:

Answers

  • cyber_monkeycyber_monkey Newbie ✭

    Can I forward packets to another IP?

  • MarkDMarkD Cybersecurity Overlord ✭✭✭

    Mirror / SPAN on a managed switch to which the uplink of the firewall is connected.


    NOTE: This option is NOT available on TZ models!


    How to configure Port Mirror in Switching | SonicWall

  • cyber_monkeycyber_monkey Newbie ✭
    edited March 4

    So buy a switch, connect it to the ISP's modem/router and copy all traffic to it? That is external to the firewall though will that cause issues for viruses getting through? I need to copy all of that traffic and send it to a device within the network for IDS/IPS. I am using snort.

  • ArkwrightArkwright Community Legend ✭✭✭✭✭

    will that cause issues for viruses getting through?

    Mirroring a port should not cause extra viruses to get through.

    I suggest you mirror the inside, not the outside.

    a) If you are using NAT like 99.9% of the world is, then mirroring the inside will show you the private IPs, which mirroring on the outside will not

    b) if you add another WAN then you'd need to mirror another port to get a complete picture.

  • cyber_monkeycyber_monkey Newbie ✭

    are we in agreement that TZ models have zero port mirroring capabilities? If so I can't use it to mirror traffic anyways?

  • cyber_monkeycyber_monkey Newbie ✭

    Wait I think i understand. I'm looking at the switches I have connected to the firewall right now to see how mirroring works on them. I'm pretty sure they are both managed switches.

Sign In or Register to comment.