Hi everyone,
Do SRX firewalls support a tap-mode installation? I'm really just looking at it
for purposes of evaluating IDP functionality, where tap mode would be the
least intrusive method to see data vs. having to put it inline (and then deal
with the inevitable "you put a device inline and now
High-end SRXs support tap mode. Branch, as far as I know, do not.
http://www.juniper.net/techpubs/software/junos-security/junos-security10.2/junos-security-swconfig-security/topic-45272.html
Hope this helps,
-Tim Eberhard
On Wed, Sep 12, 2012 at 10:33 AM, William McLendon wimcl...@gmail.com
Hi Tim,
Thanks for the response, but reading the description, that sounds like the
firewall itself still has to be inline, which I'm trying to avoid here.
I guess, what does the rest of the config have to look like for it to function
correctly off a SPAN port? I.e., there wouldn't be any routing
You can always create your own 'tap mode' by simply configuring Filter Based
Forwarding and shunting your selective traffic through your IDP. I did this all
the time in my previous life when dealing with security devices that couldn't
scale enough to place in-line.
Stefan Fouant
JNCIE-SEC,
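The filter-based-forwarding approach Stefan describes, as an added configuration example (not from his post and not Juniper's own documentation): a firewall filter term pushes the traffic you want inspected into a forwarding routing instance whose only route points at the IDP's next hop, while everything else follows inet.0 as usual. The interface ge-0/0/0, the 10.10.0.0/16 prefix, the IDP next hop 192.0.2.2 and the names fbf-to-idp, via-idp and fbf-ribs are assumptions.

```junos
/* Added example: shunt selected traffic to a separate IDP with filter-based forwarding */
/* Interface, prefix, next hop and names are assumed, not taken from the thread */
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                filter {
                    input fbf-to-idp;
                }
            }
        }
    }
}
firewall {
    filter fbf-to-idp {
        /* Only traffic for this prefix is sent via the IDP */
        term to-idp {
            from {
                destination-address {
                    10.10.0.0/16;
                }
            }
            then {
                routing-instance via-idp;
            }
        }
        /* Everything else stays on the normal forwarding path */
        term everything-else {
            then accept;
        }
    }
}
routing-instances {
    via-idp {
        instance-type forwarding;
        routing-options {
            static {
                /* Default route in this instance points at the IDP */
                route 0.0.0.0/0 next-hop 192.0.2.2;
            }
        }
    }
}
routing-options {
    /* Share interface routes into the forwarding instance so the IDP next hop resolves */
    interface-routes {
        rib-group inet fbf-ribs;
    }
    rib-groups {
        fbf-ribs {
            import-rib [ inet.0 via-idp.inet.0 ];
        }
    }
}
```

The rib-group is the part people usually forget: without it the forwarding instance has no interface routes, the static next hop cannot resolve, and the matched traffic is silently dropped instead of reaching the IDP. On an SRX the interface facing the IDP also has to sit in a security zone with a policy that permits the shunted traffic, and you should confirm the path with `show route table via-idp.inet.0` before trusting the filter counters.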
Will,
Here is a config for using a port on a branch device as a packet-capture
device. Port ge-0/0/1 is put into promiscuous mode (it has to be a gig port,
btw) and gets forwarded packets from a switch.
You need the:
forwarding-options {
packet-capture {
setting and the packet filter.
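The packet-capture setup described above, filled out as an added example (not the poster's full config): ge-0/0/1 is the port from the thread, fed by a switch mirror session; the capture file name, file count, file size and the filter name capture-filter are assumptions. The firewall filter's sample action is what hands matched packets to the packet-capture facility.

```junos
/* Added example: capture on a branch SRX port fed by a switch SPAN/mirror session */
/* Port ge-0/0/1 comes from the thread; file name, counts, sizes and filter name are assumed */
interfaces {
    ge-0/0/1 {
        /* Accept frames not addressed to this port's MAC (gig ports only) */
        promiscuous-mode;
        unit 0 {
            family inet {
                filter {
                    input capture-filter;
                }
            }
        }
    }
}
forwarding-options {
    packet-capture {
        /* Rotating capture files; size is in bytes */
        file filename span-capture files 10 size 1048576 world-readable;
        maximum-capture-size 1500;
    }
}
firewall {
    filter capture-filter {
        /* Every packet hitting the port is sampled into the capture */
        term sample-everything {
            then {
                sample;
                accept;
            }
        }
    }
}
```

The capture files land under /var/tmp on the device and can be pulled off for offline analysis. Because the port has no address and no routing, nothing is forwarded back out, which is the behaviour you want from a passive monitoring port; narrow the filter's from clause if you only need a subset of the mirrored traffic.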