I need to forward all packets from my network to another device for sniffing and IDS, but I can't mirror traffic on the TZ 600 firewall. Is there any way to work around this?
So buy a switch, connect it to the ISP's modem/router and copy all traffic to it? That is external to the firewall, though; will that cause issues for viruses getting through? I need to copy all of that traffic and send it to a device within the network for IDS/IPS. I am using Snort.
Wait, I think I understand. I'm looking at the switches I have connected to the firewall right now to see how mirroring works on them. I'm pretty sure they are both managed switches.
Answers
Can I forward packets to another IP?
Mirror / SPAN on a managed switch to which the uplink of the firewall is connected.
NOTE: This option is NOT available on TZ models!
How to configure Port Mirror in Switching | SonicWall
will that cause issues for viruses getting through?
Mirroring a port should not cause extra viruses to get through.
I suggest you mirror the inside, not the outside.
a) If you are using NAT like 99.9% of the world is, then mirroring the inside will show you the private IPs, which mirroring on the outside will not.
b) If you add another WAN, then you'd need to mirror another port to get a complete picture.
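As an added illustration of the NAT point in this answer (example code, not from the thread): it checks what a sensor sees on its mirror port and whether IDS alerts could be attributed to an internal host. The WAN address and both packet lists are constructed from documentation ranges.

```python
import ipaddress
from collections import Counter

# RFC 1918 space is what the thread means by "private IPs" (pre-NAT source addresses).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

def assess_mirror_feed(packets, wan_ip):
    """packets: (src_ip, dst_ip) pairs seen on the sensor's mirror port.
    wan_ip: the firewall's public address (a constructed value in the sample below).
    Returns which side of the NAT the mirror sits on, whether both directions are
    mirrored, and which internal hosts an IDS alert could be attributed to."""
    internal_hosts = Counter()
    outbound = inbound = 0
    for src, dst in packets:
        if is_rfc1918(src):
            internal_hosts[src] += 1   # inside mirror: real originating host visible
            outbound += 1
        elif src == wan_ip:
            outbound += 1              # outside mirror: every internal host looks like wan_ip
        else:
            inbound += 1
    return {
        "position": "inside" if internal_hosts else "outside",
        "attributable_hosts": sorted(internal_hosts),
        "outbound": outbound,
        "inbound": inbound,
        "both_directions": outbound > 0 and inbound > 0,  # a Tx-only SPAN fails this
    }

# Constructed samples (documentation-range addresses, not a real capture).
WAN_IP = "203.0.113.5"
INSIDE_FEED = [
    ("192.168.1.10", "198.51.100.7"), ("198.51.100.7", "192.168.1.10"),
    ("192.168.1.22", "192.0.2.9"),    ("192.0.2.9", "192.168.1.22"),
]
OUTSIDE_FEED = [   # the same flows after NAT, as seen on the firewall's WAN side
    ("203.0.113.5", "198.51.100.7"), ("198.51.100.7", "203.0.113.5"),
    ("203.0.113.5", "192.0.2.9"),    ("192.0.2.9", "203.0.113.5"),
]

if __name__ == "__main__":
    for name, feed in (("inside", INSIDE_FEED), ("outside", OUTSIDE_FEED)):
        print(name, assess_mirror_feed(feed, WAN_IP))
```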
Are we in agreement that TZ models have zero port mirroring capabilities? If so, I can't use it to mirror traffic anyway?