Example: Layer 2 Engine Capture Interfaces in Passive Engine mode

An example of deploying a Layer 2 Engine in Passive Engine mode.

The administrator at company B wants to set up a Single Layer 2 Engine and deploy it in Passive Engine mode using SPAN ports on the switch to duplicate packets for inspection. The following illustration shows the interfaces of the Layer 2 Engine in Passive Engine mode with Capture Interfaces.

Figure: Capture Interfaces with SPAN (illustration not reproduced here)

In this example, Interface ID 0 is a Normal Interface used for management connections and sending TCP Reset responses. Interface ID 1 is a Capture Interface used for capturing network traffic from the network switch for inspection.

The administrator does the following:
  1. Creates a Single Layer 2 Engine element and selects the Log Server to which the Layer 2 Engine sends its log data.
  2. Defines Interface ID 0 as a Normal Interface and adds an IP address to it.
    • The IP address on Interface ID 0 is automatically selected as the Primary Control IP address because Interface ID 0 is the first Normal Interface with an IP address.
  3. Defines Interface ID 1 as a Capture Interface and selects Interface ID 0 as the Reset Interface.
  4. Saves the initial configuration of the engine in the SMC Client.
  5. Maps the interface IDs to the physical interfaces in the Security Engine Configuration Wizard and makes initial contact with the Management Server.
  6. Installs a Layer 2 Engine Policy in the SMC Client to transfer the configuration to the engine.
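The interface rules this procedure relies on, written out as an added model (hypothetical code for illustration, not SMC's own or the smc-python API): a Normal Interface carries an IP address and the first such interface by ID becomes the Primary Control IP, and a Capture Interface must name a Reset Interface that is a Normal Interface with an IP address, as Interface ID 0 is here. The check can be run against any set of interfaces before the configuration is saved in the SMC Client.

```python
"""Hypothetical model of the Layer 2 Engine interface rules from the example
above (not SMC's own code or API)."""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Interface:
    interface_id: int
    role: str                                # "normal" or "capture"
    ip_address: Optional[str] = None         # only Normal Interfaces carry one here
    reset_interface_id: Optional[int] = None # only meaningful for Capture Interfaces


@dataclass
class Layer2EngineConfig:
    mode: str = "passive"                    # Passive Engine mode, fed by a SPAN port
    interfaces: List[Interface] = field(default_factory=list)


def primary_control_ip(cfg: Layer2EngineConfig) -> Optional[str]:
    """Return the IP of the first Normal Interface (lowest ID) that has an address."""
    for iface in sorted(cfg.interfaces, key=lambda i: i.interface_id):
        if iface.role == "normal" and iface.ip_address:
            return iface.ip_address
    return None


def validate(cfg: Layer2EngineConfig) -> List[str]:
    """Return a list of problems; an empty list means the interfaces are consistent."""
    problems = []
    by_id = {i.interface_id: i for i in cfg.interfaces}
    if len(by_id) != len(cfg.interfaces):
        problems.append("duplicate Interface IDs")
    if primary_control_ip(cfg) is None:
        problems.append("no Normal Interface with an IP address: no Primary Control IP")
    for iface in cfg.interfaces:
        if iface.role != "capture":
            continue
        reset = by_id.get(iface.reset_interface_id)
        if reset is None:
            problems.append(f"Capture Interface {iface.interface_id}: no Reset Interface")
        elif reset.role != "normal" or not reset.ip_address:
            problems.append(f"Capture Interface {iface.interface_id}: Reset Interface "
                            f"{reset.interface_id} must be a Normal Interface with an IP")
    return problems


if __name__ == "__main__":
    # Constructed sample matching the example: ID 0 Normal (management + TCP Reset), ID 1 Capture.
    cfg = Layer2EngineConfig(interfaces=[Interface(0, "normal", "192.0.2.10"),
                                         Interface(1, "capture", reset_interface_id=0)])
    print("Primary Control IP:", primary_control_ip(cfg), "problems:", validate(cfg))
```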