Capture interfaces monitor traffic that external devices have duplicated to the Layer 2 Firewall for inspection.
You can have as many capture interfaces as there are available network ports on the Layer 2 Firewall (there are no license restrictions regarding this interface type).
External equipment must be set up to mirror traffic to the capture interface. You can connect a capture interface to an external switch SPAN port or a network TAP to capture traffic.
For more details about the product and how to configure features, click Help or press F1.
Steps
- On the Interfaces pane, right-click and select New Physical Interface.
- From the Interface ID drop-down list, select an ID number.
- From the Type drop-down list, select Capture Interface.
- (Optional) From the Reset Interface drop-down list, select a TCP reset interface for traffic picked up through this capture interface.
- If your configuration requires you to change the logical interface from Default_Eth, select the logical interface in one of the following ways:
  - Select an existing Logical Interface element from the list.
  - Click Select and browse to another Logical Interface element.
  - Click New to create a Logical Interface element, then click OK.
- If you want the Layer 2 Firewall engine to inspect traffic from VLANs that are not included in the IPS engine’s interface configuration, leave Inspect Unspecified VLANs selected.
- If you want the Layer 2 Firewall engine to inspect double-tagged VLAN traffic, leave Inspect QinQ selected.
- Click OK.
- Click Save.
If you plan to add inline interfaces, do not close the Engine Editor.
Next steps
Continue the configuration in one of the following ways:
- Add inline interfaces.
- Bind engine licenses to Layer 2 Firewall elements.