SonicWALL 5.8.1 Microscope & Magnifier User Manual


System > Packet Monitor
SonicOS 5.8.1 Administrator Guide
Step 2 In the Packet Monitor Configuration window, click the Settings tab.
Step 3 Under General Settings in the Number of Bytes To Capture (per packet) box, type the
number of bytes to capture from each packet. The minimum value is 64.
Step 4 To continue capturing packets after the buffer fills up, select the Wrap Capture Buffer Once
Full checkbox. Selecting this option will cause packet capture to start writing captured packets
at the beginning of the buffer again after the buffer fills. This option has no effect if FTP server
logging is enabled on the Logging tab, because the buffer is automatically wrapped when FTP
is enabled.
Step 5 Under Exclude Filter, select the Exclude encrypted GMS traffic checkbox to prevent capturing or
mirroring of encrypted management or syslog traffic to or from SonicWALL GMS. This setting
only affects encrypted traffic within a configured primary or secondary GMS tunnel. GMS
management traffic is not excluded if it is sent via a separate tunnel.
Step 6 Use the Exclude Management Traffic settings to prevent capturing or mirroring of
management traffic to the appliance. Select the checkbox for each type of traffic
(HTTP/HTTPS, SNMP, or SSH) to exclude. If management traffic is sent via a tunnel, the packets are
not excluded.
Step 7 Use the Exclude Syslog Traffic to settings to prevent capturing or mirroring of syslog traffic
to the logging servers. Select the checkbox for each type of server (Syslog Servers or GMS
Server) to exclude. If syslog traffic is sent via a tunnel, the packets are not excluded.
Step 8 Use the Exclude Internal Traffic for settings to prevent capturing or mirroring of internal traffic
between the SonicWALL appliance and its High Availability partner or a connected SonicPoint.
Select the checkbox for each type of traffic (HA or SonicPoint) to exclude.
Step 9 To save your settings and exit the configuration window, click OK.
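One way to check that the exclusions in Steps 6 and 7 and the per-packet byte limit in Step 3 behaved as intended is to audit an exported capture offline. The following is an added example, not part of the SonicOS guide or SonicWALL code. It assumes the capture was exported in classic little-endian libpcap format with Ethernet framing, that services use their default ports (80, 443, 22, 161, 514), and that the appliance address is the constructed value 192.0.2.1; the function names are hypothetical.

```python
import struct

# Default service ports (assumption; an appliance may use custom management ports).
MGMT = {(6, 80): "HTTP", (6, 443): "HTTPS", (6, 22): "SSH", (17, 161): "SNMP"}
SYSLOG = {(17, 514): "Syslog"}

def audit_pcap(data, appliance_ip):
    """Return (findings, truncated) for a little-endian libpcap Ethernet capture."""
    magic, *_, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian libpcap with Ethernet link type")
    findings, truncated, off = [], 0, 24
    while off + 16 <= len(data):
        _, _, caplen, origlen = struct.unpack_from("<IIII", data, off)
        frame = data[off + 16: off + 16 + caplen]
        off += 16 + caplen
        if caplen < origlen:
            truncated += 1  # packet was cut by the bytes-per-packet limit
        # Need Ethernet (14) + minimal IPv4 (20) + ports (4); skip non-IPv4 frames.
        if len(frame) < 38 or frame[12:14] != b"\x08\x00":
            continue
        l4 = 14 + (frame[14] & 0x0F) * 4  # start of the TCP/UDP header
        proto = frame[23]
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        if proto not in (6, 17) or len(frame) < l4 + 4:
            continue
        dport = struct.unpack_from("!H", frame, l4 + 2)[0]
        if dst == appliance_ip and (proto, dport) in MGMT:
            findings.append(("management", MGMT[(proto, dport)], src, dst))
        elif src == appliance_ip and (proto, dport) in SYSLOG:
            findings.append(("syslog", "Syslog", src, dst))
    return findings, truncated

def _frame(src, dst, proto, dport, pad=0):
    """Constructed sample frame: Ethernet + IPv4 + source/destination ports."""
    ip = bytes([0x45, 0]) + b"\0" * 7 + bytes([proto]) + b"\0\0"
    ip += bytes(map(int, src.split("."))) + bytes(map(int, dst.split(".")))
    return b"\0" * 12 + b"\x08\x00" + ip + struct.pack("!HH", 40000, dport) + b"\0" * pad

def sample_pcap():
    """Constructed capture: SSH to appliance, syslog from it, one unrelated flow."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 64, 1)
    frames = [(_frame("10.0.0.5", "192.0.2.1", 6, 22), 38),
              (_frame("192.0.2.1", "10.0.0.9", 17, 514, pad=26), 300),
              (_frame("10.0.0.5", "198.51.100.7", 6, 443), 38)]
    for f, origlen in frames:
        out += struct.pack("<IIII", 0, 0, len(f), origlen) + f
    return out
```

An empty findings list for a capture taken with the exclusions selected indicates the filters matched; a non-zero truncated count shows how many packets were larger than the configured capture size.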
Configuring Monitoring Based on Firewall Rules
The Packet Monitor and Flow Reporting features allow traffic to be monitored based on firewall
rules for specific inbound or outbound traffic flows. This feature set is enabled by choosing to
monitor flows in the Firewall > Access Rules area of the SonicOS management interface.