Intrusion Prevention
Contributor
tekemp
Posts: 11
Registered: ‎01-08-2010

IDP Port Mirror Scenario Question

Does anyone know if it's possible (and how to configure) so that the IDP is sniffing on a port mirror on eth2 but then forwards all that traffic to eth1 so that I can use that port as a mirror for another device I have running?

Contributor
greenmug
Posts: 28
Registered: ‎08-21-2009

Re: IDP Port Mirror Scenario Question

Hi, I think you are wanting the traffic to pass through the IDP without anything changing on it but with the full ability to detect.

I would achieve the goal by placing the IDP in transparent mode and having a policy that does not block anything. This is how evaluations are often done. The caveat is that the pair of ports needs to be a pair that is linked using the hardware bypass.

Contributor
tekemp
Posts: 11
Registered: ‎01-08-2010

Re: IDP Port Mirror Scenario Question

Forgive my lack of knowledge on this, but is the hardware bypass something that is configured on the IDP itself, or does something need to be physically done to the IDP box?

Juniper Employee
Elango
Posts: 2
Registered: ‎06-29-2009

Re: IDP Port Mirror Scenario Question

ACM will show the interfaces in pairs, which need to be selected and configured for deploying the device in transparent mode.

You need to make sure your policy does not have any actions configured for the scenario you are planning to deploy.

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.