Install guide
54 Firewall Enhancements Release Note
Software Version 2.7.6
C613-10462-00 REV A
Therefore, sessions are monitored whether the device:
■ sends the packets
■ receives the packets
■ initiates the session
■ responds to a session initiated by another device
The copyto parameter specifies the Eth interface or VLAN to which the firewall
sends the copies of monitored packets. Packets are sent as Layer 2 broadcasts to
this interface. You should connect a device directly to this interface that can
correctly capture the broadcast packets, such as a PC running packet capturing
software. In particular, the device should not forward or reply to the packets.
Duplicated packets use the router or switch’s MAC address as their source
MAC address, and have a broadcast destination MAC address (ff:ff:ff:ff:ff:ff).
The applyto parameter specifies where the monitoring for this device applies.
If you specify private, the firewall copies packets at the private interface. This
is before firewall processing for outgoing packets and after firewall processing
for incoming packets. If you specify public, the firewall copies packets at the
public interface. This is before firewall processing for incoming packets and
after firewall processing for outgoing packets. If you specify both, the firewall
copies packets at both the public interface and the private interface. The default
is private.
The combination of ip and applyto uniquely identifies a monitor. For example,
you can create different monitors to monitor the same IP address on the private
and the public interfaces.
Example: To monitor traffic to and from the host whose IP address is 192.168.1.1, when
the capturing device is plugged into a port in vlan2, use the command:
add fire mo=1 ip=192.168.1.1 cop=vlan2
To monitor traffic to and from the host whose IP address is 192.168.1.1 so that
you can check the firewall’s NAT configuration, make a monitor by using the
command:
add fire mo=1 ip=192.168.1.1 cop=vlan2 app=both
Use filtering within your packet capturing software to separate the private and
public traffic. Alternatively, you can make two monitors by using the
commands:
add fire mo=1 ip=192.168.1.1 cop=vlan2 app=priv
add fire mo=2 ip=192.168.1.1 cop=vlan3 app=pub
Using two monitors may make it easier to see which traffic came from the
private interface and which came from the public interface.
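The following is an added example (not Allied Telesis code) showing how the packet-capturing PC can recognise monitor copies by their Layer 2 signature (broadcast destination, router's MAC as source) and, for the single-monitor app=both case, separate the private-side and public-side copies by whether the inside address or the NAT address appears in the IP header. The router MAC, the NAT public address 198.51.100.7 and the remote host 203.0.113.5 are constructed values for the example.

```python
import socket
import struct

# Constructed values for this example; substitute the router's real MAC, the monitored
# host (the ip= parameter) and the NAT public address from your own configuration.
ROUTER_MAC = bytes.fromhex("00009c010203")
BROADCAST_MAC = b"\xff" * 6
MONITORED_HOST = "192.168.1.1"

def build_frame(src_ip, dst_ip, src_mac=ROUTER_MAC, dst_mac=BROADCAST_MAC):
    """Build a minimal Ethernet II + IPv4 header frame (constructed input, no payload)."""
    eth = dst_mac + src_mac + struct.pack("!H", 0x0800)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                         socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip_hdr

def classify_monitor_copy(frame):
    """Return 'private' or 'public' for a firewall monitor copy, None otherwise.

    Monitor copies are Layer 2 broadcasts with the router's MAC as source. With
    app=both every copy arrives on the same copyto VLAN, so the sides are told
    apart by the address in the IP header: the private-side copy still carries the
    inside address, the public-side copy carries the NAT-translated address.
    """
    if len(frame) < 34:
        return None
    dst_mac, src_mac = frame[0:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if dst_mac != BROADCAST_MAC or src_mac != ROUTER_MAC or ethertype != 0x0800:
        return None
    src_ip = socket.inet_ntoa(frame[26:30])
    dst_ip = socket.inet_ntoa(frame[30:34])
    return "private" if MONITORED_HOST in (src_ip, dst_ip) else "public"

# Constructed capture: 192.168.1.1 opens a session to 203.0.113.5, NATed to 198.51.100.7.
CAPTURE = [
    build_frame("192.168.1.1", "203.0.113.5"),   # private-side copy, before NAT
    build_frame("198.51.100.7", "203.0.113.5"),  # public-side copy, after NAT
    build_frame("203.0.113.5", "198.51.100.7"),  # public-side copy of the reply
    build_frame("192.168.1.1", "203.0.113.5",
                dst_mac=bytes.fromhex("00009c0a0b0c")),  # ordinary unicast, not a copy
]

def split_capture(frames):
    """Group monitor copies by side; frames that are not copies are dropped as noise."""
    sides = {"private": [], "public": []}
    for frame in frames:
        side = classify_monitor_copy(frame)
        if side:
            sides[side].append(frame)
    return sides
```

If the firewall does no NAT for the monitored host, both copies carry the same addresses and this split is not possible; use two monitors on separate VLANs as described above instead.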