Connecting to a switch

If the Network Agent machine connects to a switch, the switch must support port spanning (mirroring). This means that a copy of all network traffic seen on the switch is sent to the span or mirror port for monitoring.

If you use a switch that supports bidirectional spanning (allowing packets to be monitored and sent from the same port), Network Agent needs only one NIC.

If your switch does not allow bidirectional traffic in spanning (mirroring) mode:

1. Use the NIC connected to the span port to monitor traffic.
2. Install a second NIC on the Network Agent machine. The NIC must have an IP address.
3. Attach the second NIC to a port that can communicate with all monitored machines and the Filtering Service machine.
4. Configure the second NIC as the blocking NIC.