SonicWALL 5.8.1 Microscope & Magnifier User Manual


  Open as PDF
of 1490
 
System > Packet Monitor
143
SonicOS 5.8.1 Administrator Guide
Encapsulate the packet and send it to a remote SonicWALL appliance.
Send a copy to a physical port with a VLAN configured.
Classification is performed on the Mo
nitor Filter and Advanced Monitor Filter tab of the
Packet Monitor Configuration window.
A local Sonicwall firewall can be configured to receive remotely mirrored traffic from a remote
SonicWALL firewall. At the local firewall, received mirrored traffic can either be saved in the
capture buffer or sent to another local interface. This is configured in the Remote Mirror
Settings (Receiver) section on the Mirror tab of the Packet Monitor Configuration window.
SonicOS Enhanced 5.6 and higher supports the following packet mirroring options:
Mirror packets to a specified interface (Local Mirroring).
Mirror only selected traffic.
Mirror SSL decrypted traffic.
Mirror complete packets including Layer 2 and Layer 3 headers as well as the payload.
Mirror packets to a remote SonicWALL UTM appliance (Remote Mirroring Tx).
Receive mirrored packets from a remote SonicWALL appliance (Remote Mirroring Rx).
Configuring Packet Monitor
You can access the packet monitor tool on the Dashboard > Packet Monitor page of the
SonicOS management interface. There are six main areas of configuration for packet monitor,
one of which is specifically for packet mirror. The following sections describe the configuration
options, and provide procedures for accessing and configuring the filter settings, log settings,
and mirror settings:
“Configuring General Settings” on page 143
“Configuring Monitoring Based on Firewall Rules” on page 144
“Configuring Monitor Filter Settings” on page 145
“Configuring Display Filter Settings” on page 147
“Configuring Logging Settings” on page 149
“Configuring Advanced Monitor Filter Settings” on page 151
“Configuring Mirror Settings” on page 153
Configuring General Settings
This section describes how to configure packet monitor general settings, including the number
of bytes to capture per packet and the buffer wrap option. You can specify the number of bytes
using either decimal or hexadecimal, with a minimum value of 64. The buffer wrap option
enables the packet capture to continue even when the buffer becomes full, by overwriting the
buffer from the beginning.
To configure the general settings, perform the following steps:
Step 1 Navigate to the Dashboard > Packet Monitor page and click Configure.