Support User Manuals

SonicWALL 5.8.1 Microscope & Magnifier User Manual

Open as PDF

of 1490

System > Packet Monitor

144

SonicOS 5.8.1 Administrator Guide

Step 2 In the Packet Monitor Configuration window, click the Settings tab.

Step 3 Under General Settings in the Number of Bytes To Capture (per packet) box, type the

number of bytes to capture from each packet. The minimum value is 64.

Step 4 To continue capturing packets after the buffer fills up, select the Wrap Capture Buffer Once

Full checkbox. Selecting this option will cause packet capture to start writing captured packets

at the beginning of the buffer again after the buffer fills. This option has no effect if FTP server

logging is enabled on the Logging tab, because the buffer is automatically wrapped when FTP

is enabled.

Step 5 Under Exclude Filter, select the Exclude encrypted GMS traffic to prevent capturing or

mirroring of encrypted management or syslog traffic to or from SonicWALL GMS. This setting

only affects encrypted traffic within a configured primary or secondary GMS tunnel. GMS

management traffic is not excluded if it is sent via a separate tunnel.

Step 6 Use the Exclude Management Traffic settings to prevent capturing or mirroring of

management traffic to the appliance. Select the checkbox for each type of traffic (HTTP/

HTTPS, SNMP, or SSH) to exclude. If management traffic is sent via a tunnel, the packets are

not excluded.

Step 7 Use the Exclude Syslog Traffic to settings to prevent capturing or mirroring of syslog traffic

to the logging servers. Select the checkbox for each type of server (Syslog Servers or GMS

Server) to exclude. If syslog traffic is sent via a tunnel, the packets are not excluded.

Step 8 Use the Exclude Internal Traffic for settings to prevent capturing or mirroring of internal traffic

between the SonicWALL appliance and its High Availability partner or a connected SonicPoint.

Select the checkbox for each type of traffic (HA or SonicPoint) to exclude.

Step 9 To save your settings and exit the configuration window, click OK.

Configuring Monitoring Based on Firewall Rules

The Packet Monitor and Flow Reporting features allow traffic to be monitored based on firewall

rules for specific inbound or outbound traffic flows. This feature set is enabled by choosing to

monitor flows in the Firewall > Access Rules area of the SonicOS management interface.

previous next