Port mirror with complex filter

Question, updated 3 months ago
Have a common SMB deployment (300 users) where the firewall is at the "core" of the network, meaning that's the DFGW for LAN users, not a layer 3 VIP on the switched core. I need to mirror North/South traffic (LAN to INTERNET and vice versa), so I don't really want to mirror ALL traffic to the firewall interface (which could be destined for another LAN subnet, subinterface, etc.). I was thinking that it would be cool if I could combine some criteria, like the destination MAC of the firewall and an IP not known to be local, and build a mirror of just that traffic. Anyone run up against something like this? The firewall can mirror an interface, but the whole interface (sub-interfaces too). I could move the gateway to a VIP and drop another subnet in front of the firewall, but this environment is very sensitive to downtime and it'd be like pulling teeth. Any suggestions/ideas? Thanks in advance!
Eric Burke


Posted 3 months ago

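The selection rule the question describes ("destination MAC of the firewall and a destination IP that is not one of our subnets") can be stated precisely and tested before anyone touches the mirror configuration. The Python below is an added example, not code from the original post or from any switch or firewall vendor; the firewall MAC, the local subnets and the sample frames are constructed placeholders. It goes one step beyond the post by also covering the return direction (source MAC of the firewall plus a non-local source IP), so both halves of a North/South session are kept while inter-VLAN traffic that the firewall merely routes is dropped, and it renders the same rule as a tcpdump/libpcap filter for a capture host fed by a plain SPAN of the firewall port, which is the fallback when the switch's mirror ACL cannot match on MAC and IP together.

```python
from ipaddress import ip_address, ip_network

# Constructed sample values (assumptions, not taken from the post):
# the firewall's LAN-side MAC and the subnets considered "local".
FIREWALL_MAC = "00:11:22:33:44:55"
LOCAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]


def is_local(ip, local_nets=LOCAL_NETS):
    """True if the IP falls inside any subnet we treat as local (east-west)."""
    addr = ip_address(ip)
    return any(addr in net for net in local_nets)


def is_north_south(frame, fw_mac=FIREWALL_MAC, local_nets=LOCAL_NETS):
    """Classify one frame seen on the LAN side of the firewall.

    Outbound (LAN -> Internet): addressed to the firewall's MAC and the
    destination IP is not one of our own subnets.
    Inbound (Internet -> LAN): sourced from the firewall's MAC and the
    source IP is not one of our own subnets.
    Inter-VLAN traffic routed by the firewall fails both tests because the
    far-end IP is still local, which is exactly the traffic to leave out.
    """
    fw_mac = fw_mac.lower()
    outbound = (frame["dst_mac"].lower() == fw_mac
                and not is_local(frame["dst_ip"], local_nets))
    inbound = (frame["src_mac"].lower() == fw_mac
               and not is_local(frame["src_ip"], local_nets))
    return outbound or inbound


def bpf_filter(fw_mac=FIREWALL_MAC, local_nets=LOCAL_NETS):
    """Render the same rule as a tcpdump/libpcap filter string, for a capture
    box that receives a plain SPAN of the firewall's switch port."""
    dst_local = " or ".join(f"dst net {n}" for n in local_nets)
    src_local = " or ".join(f"src net {n}" for n in local_nets)
    return (f"(ether dst {fw_mac} and not ({dst_local})) or "
            f"(ether src {fw_mac} and not ({src_local}))")


# Constructed sample frames (not captured from any real network).
SAMPLE_FRAMES = [
    # LAN host talking to an Internet address: keep
    {"src_mac": "aa:bb:cc:00:00:01", "dst_mac": FIREWALL_MAC,
     "src_ip": "10.1.1.20", "dst_ip": "203.0.113.10"},
    # Reply coming back in through the firewall: keep
    {"src_mac": FIREWALL_MAC, "dst_mac": "aa:bb:cc:00:00:01",
     "src_ip": "203.0.113.10", "dst_ip": "10.1.1.20"},
    # Inter-VLAN traffic routed by the firewall: drop
    {"src_mac": "aa:bb:cc:00:00:01", "dst_mac": FIREWALL_MAC,
     "src_ip": "10.1.1.20", "dst_ip": "192.168.50.7"},
    # Two hosts on the same VLAN talking directly: drop
    {"src_mac": "aa:bb:cc:00:00:01", "dst_mac": "aa:bb:cc:00:00:02",
     "src_ip": "10.1.1.20", "dst_ip": "10.1.1.21"},
]


def select_north_south(frames=SAMPLE_FRAMES):
    """Return only the frames that should be mirrored."""
    return [f for f in frames if is_north_south(f)]


if __name__ == "__main__":
    for f in select_north_south():
        print(f["src_ip"], "->", f["dst_ip"])
    print(bpf_filter())
```

Run it as-is and it keeps the two frames of the Internet session and drops both local ones, then prints the equivalent filter string. The MAC test is what makes the rule safe on a shared segment: matching only on "non-local IP" would also catch a host that is misconfigured or probing addresses directly, while matching only on the firewall MAC would sweep in every inter-VLAN flow the firewall routes. Whether a given switch can express this as a mirror ACL is platform-specific, so check the mirror feature's match fields first; the BPF string works on any capture host regardless.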