Install guide
48 Firewall Enhancements Release Note
Software Version 2.7.6
C613-10462-00 REV A
Multiple monitors

There is no limit on the number of devices you can monitor, although you should consider the performance impact of monitoring a high proportion of traffic.

The firewall determines which monitor to use for a session by checking the monitor's IP address against all of the session's IP address fields. These session fields appear in the output of the show firewall session command and are summarised in the following table.
Duplicate monitors

If two monitors monitor different addresses that are part of the same session, and both monitors apply on the same side of the firewall, then the firewall uses the last-created monitor. This avoids unnecessary packet duplication. For example, consider the scenario in the following diagram, in which NAT on the firewall translates between a private IP address (192.168.1.1, the IP entry in the output of the show firewall session command) and a public IP address (192.0.2.1, the Gbl IP entry).

To monitor traffic in this scenario, you can apply a monitor to the private interface that specifies either the private address 192.168.1.1 or the public address 192.0.2.1. However, it is also possible to create Monitor 1, which monitors the private address, and then Monitor 2, which monitors the public address, by using the commands:

    add firewall monitor=1 ip=192.168.1.1 copyto=vlan2 applyto=private
    add firewall monitor=2 ip=192.0.2.1 copyto=vlan3 applyto=private

Both of these monitors apply to sessions that match this scenario. The firewall uses Monitor 2, because it was the last monitor to be created. This means that copies of packets are sent to the copyto interface specified in Monitor 2 (vlan3), not to the interface specified in Monitor 1 (vlan2).

If you delete the second monitor, the first monitor takes over. If the deleted monitor was monitoring a current session, monitoring may stop for a few seconds.
IP field name in session   Meaning

IP               The source address of outbound packets and the destination address of inbound packets in this session, as seen on the private side of the firewall.

Remote IP        The destination address of outbound packets and the source address of inbound packets in this session, as seen on the private side of the firewall.

Gbl IP           The source address of outbound packets and the destination address of inbound packets in this session, as seen on the public side of the firewall. If NAT is not configured, this is the same as IP.

Gbl Remote IP    The destination address of outbound packets and the source address of inbound packets in this session, as seen on the public side of the firewall. If NAT is not configured, this is the same as Remote IP.
[Figure fw-mon-conflict: a NAT firewall between the Internet and a private network. Private address (IP): 192.168.1.1. Public address (Gbl IP): 192.0.2.1.]