Capture interfaces monitor traffic that external devices have duplicated to the IPS engine for inspection.
You can have as many capture interfaces as there are available physical ports on the IPS engine (there are no license restrictions regarding this interface type).
External equipment must be set up to mirror traffic to the capture interface. You can connect a capture interface to an external switch SPAN port or a network TAP to capture traffic.
For more details about the product and how to configure features, click Help or press F1.
Steps
- Right-click the IPS engine and select Edit <element type>.
  The Engine Editor opens.
- In the navigation pane on the left, browse to Interfaces.
- Right-click the empty space and select New Physical Interface.
- From the Interface ID drop-down list, select an ID number.
- From the Type drop-down list, select Capture Interface.
- (Optional) From the Reset Interface drop-down list, select a TCP reset interface for traffic picked up through this capture interface.
- If your configuration requires you to change the logical interface from Default_Eth, select the logical interface in one of the following ways:
  - Select an existing Logical Interface element from the list.
  - Click Select and browse to another Logical Interface element.
  - Click New to create a Logical Interface element, then click OK.
- If you want the IPS engine to inspect traffic from VLANs that are not included in the IPS engine’s interface configuration, leave Inspect Unspecified VLANs selected.
- If you want the IPS engine to inspect double-tagged VLAN traffic, leave Inspect QinQ selected.
- Click OK.
- Click Save.
Next steps
Continue the configuration in one of the following ways:
- Define Inline Interfaces.
- Define how the IPS engine handles traffic when the traffic load is too high using the Bypass Traffic on Overload setting.
- Bind engine licenses to IPS elements.