Install guide
Software Version 2.7.6
C613-10462-00 REV A
Configuring Session Monitoring
Monitoring is disabled by default. To configure it, you need to set up a packet
capturing device to collect the packet copies, create a monitor, and enable
monitoring. The following table lists the commands to use on the router or
switch.
Effect of deleting interfaces
If a monitor is configured to send duplicated packets to an interface (the copyto
interface) and you delete that interface, then the firewall deactivates that
monitor. If you add the interface again, the firewall automatically reactivates
the monitor.
Effect on firewall throughput
The firewall’s throughput depends on how much traffic it monitors at
once. For example, if the firewall monitors all the traffic that passes through it
at a given time, it processes packets approximately half as fast as if it monitors
no traffic.
Step  Command                                   Action
----  ----------------------------------------  ----------------------------------------
1     —                                         Connect a device to capture the copies,
                                                such as a PC running packet capturing
                                                software, to an Eth port or a switch port.

1     create vlan=vlan-name vid=vid             Configure the interface to which you
      add vlan=vlan-name port=port-number       connected the packet capturing device:
        [other-options...]                      • If you connected it to a switch port,
      add ip interface={ethx|vlanx} ip=ipadd      put the port in a separate VLAN.
        [other-options...]                      • Give the Eth port or VLAN an IP
                                                  address.

2     add firewall monitor=monitor-id           Create a monitor. Specify:
        ip=ipadd copyto=ip-interface            • the IP address of the device you
        [applyto={private|public|both}]           want to monitor
                                                • the interface to which you
                                                  connected the capturing device,
                                                  using the copyto parameter.
                                                • optionally, whether to monitor the
                                                  private interface, the public
                                                  interface, or both. The default is
                                                  the private interface.

3     enable firewall monitor                   Enable session monitoring.

4     show firewall monitor                     Check the monitor configuration.
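
A worked instance of the commands in the table, added here as an illustration and not taken from the original guide. The VLAN name capture, VID 10, switch port 5, monitor ID 1 and both IP addresses are constructed values, and the example assumes the VLAN's IP interface is named vlan10 after its VID.

```text
# Constructed example: capture PC on switch port 5, isolated in its own VLAN.
create vlan=capture vid=10
add vlan=capture port=5

# Give the capture VLAN an IP address (interface name vlan10 is an assumption).
add ip interface=vlan10 ip=192.168.10.1

# Monitor the host 192.168.1.50 (constructed address) and copy its packets
# to the capture VLAN. applyto=both overrides the default of private only.
add firewall monitor=1 ip=192.168.1.50 copyto=vlan10 applyto=both

# Monitoring is disabled by default, so enable it and then check the result.
enable firewall monitor
show firewall monitor
```

If the vlan10 interface is later deleted, this monitor is deactivated until the interface is added again, so a capture that silently stops is worth checking with show firewall monitor.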