11-11-2010 11:19 AM
Does anyone know if its possible (and how to configure) so that the IDP is sniffing on a port mirror on eth2 but then forwards all that traffic to eth1 so that I can use that port as a mirror for another device I have running?
11-12-2010 08:47 AM
Hi, I think you are wanting the traffic to pass through the IDP without anything changing on it but with the full ability to detect.
I would achieve the goal by placing the IDP in transparent mode and having a policy that does not block anything. This is how evaluations are often done. The caveat is that the pair of ports needs to be a pair that is linked using the hardware bypass.
11-18-2010 08:40 AM
Forgive my lack on knowledge on this but is the hardware bypass something that is configured on the IDP itself, or does something need to be physically done to the IDP box?
12-13-2010 09:37 PM
ACM will show the interface in pairs, which needs to be selected and configured for deplying the device in transparent mode.
You need to make sure your policy does not have any actions configured for the scenaio you are planning to deploy.