Capture interfaces monitor traffic that external devices have duplicated to the Single Firewall for inspection.
You can have as many capture interfaces as there are available physical ports on the Single Firewall (there are no license restrictions regarding this interface type).
External equipment must be set up to mirror traffic to the capture interface. You can connect a capture interface to an external switch SPAN port or a network TAP to capture traffic.
For more details about the product and how to configure features, click Help or press F1.
Steps
- Right-click the Single Firewall and select Edit <element type>.
  The Engine Editor opens.
- In the navigation pane on the left, browse to Interfaces.
- Right-click the empty space and select New Layer 2 Physical Interface.
- From the Interface ID drop-down list, select an ID number.
- From the Type drop-down list, select Capture Interface.
- (Optional) From the Reset Interface drop-down list, select a TCP reset interface for traffic picked up through this capture interface.
- If your configuration requires you to change the logical interface from Default_Eth, select the logical interface in one of the following ways:
  - Select an existing Logical Interface element from the list.
  - Click Select and browse to another Logical Interface element.
  - Click New to create a Logical Interface element, then click OK.
- If you want the Single Firewall to inspect traffic from VLANs that are not included in the Single Firewall's interface configuration, leave Inspect Unspecified VLANs selected.
- If you want the Single Firewall to inspect double-tagged VLAN traffic, leave Inspect QinQ selected.
- Click OK.
- Click Save.
  Do not close the Engine Editor.
Next steps
Continue the configuration in one of the following ways:
- Add VLAN interfaces to the capture interface.
- Add other types of layer 2 interfaces.
- Select system communication roles for interfaces.
- Bind engine licenses to the Single Firewall elements.