Add capture interfaces to Firewall Clusters

Capture interfaces monitor traffic that external devices have duplicated and sent to the Firewall Cluster for inspection.

You can have as many capture interfaces as there are available physical ports on the Firewall Cluster (there are no license restrictions regarding this interface type).

External equipment must be set up to mirror traffic to the capture interface. You can connect a capture interface to an external switch SPAN port or a network TAP to capture traffic.

Steps

  1. Right-click the Firewall Cluster and select Edit <element type>.
    The Engine Editor opens.
  2. In the navigation pane on the left, browse to Interfaces.
  3. Right-click the empty space and select New Layer 2 Physical Interface.
  4. From the Interface ID drop-down list, select an ID number.
  5. From the Type drop-down list, select Capture Interface.
  6. (Optional) From the Reset Interface drop-down list, select a TCP reset interface for traffic picked up through this capture interface.
  7. If your configuration requires you to change the logical interface from Default_Eth, select the logical interface in one of the following ways:
    • Select an existing Logical Interface element from the list.
    • Click Select and browse to another Logical Interface element.
    • Click New to create a Logical Interface element, then click OK.
  8. If you want the Firewall Cluster to inspect traffic from VLANs that are not included in the Firewall Cluster's interface configuration, leave Inspect Unspecified VLANs selected.
  9. If you want the Firewall Cluster to inspect double-tagged VLAN traffic, leave Inspect QinQ selected.
  10. Click OK.
  11. Click Save.
    Do not close the Engine Editor.

Next steps

Continue the configuration in one of the following ways:
  • Add VLAN interfaces to the capture interface.
  • Add other types of layer 2 interfaces.
  • Select system communication roles for interfaces.
  • Bind engine licenses to the Firewall Cluster elements.