Add capture interfaces to IPS engines

Capture interfaces monitor traffic that external devices have duplicated for inspection to the IPS engine.

You can have as many capture interfaces as there are available physical ports on the IPS engine (there are no license restrictions regarding this interface type).

External equipment must be set up to mirror traffic to the capture interface. You can connect a capture interface to an external switch SPAN port or a network TAP to capture traffic.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Right-click the IPS engine and select Edit <element type>.
    The Engine Editor opens.
  2. In the navigation pane on the left, browse to Interfaces.
  3. Right-click the empty space and select New Physical Interface.
  4. From the Interface ID drop-down list, select an ID number.
  5. From the Type drop-down list, select Capture Interface.
  6. (Optional) From the Reset Interface drop-down list, select a TCP reset interface for traffic picked up through this capture interface.
  7. If your configuration requires you to change the logical interface from Default_Eth, select the logical interface in one of the following ways:
    • Select an existing Logical Interface element from the list.
    • Click Select and browse to another Logical Interface element.
    • Click New to create a Logical Interface element, then click OK.
  8. If you want the IPS engine to inspect traffic from VLANs that are not included in the IPS engine’s interface configuration, leave Inspect Unspecified VLANs selected.
  9. If you want the IPS engine to inspect double-tagged VLAN traffic, leave Inspect QinQ selected.
  10. Click OK.
  11. Click Save.

Next steps

Continue the configuration in one of the following ways:
  • Define Inline Interfaces.
  • Define how the IPS engine handles traffic when the traffic load is too high using the Bypass Traffic on Overload setting.
  • Bind engine licenses to IPS elements.