Manualshelf

Install guide

ManualsBrandsAllied Telesis ManualsSwitchAT 8648T/2SP
51525354555657585960
58 Firewall Enhancements Release Note
Software Version 2.7.6
C613-10462-00 REV A
set firewall monitor
Syntax SET FIREwall MOnitor=monitor-id [IP=ipadd]
[COPyto=ip-interface] [APPlyto={PRIVate|PUBlic|BOTH}]
where:
monitor-id is an integer from 1 to 65535
ipadd is an IPv4 address in dotted decimal notation
ip-interface is a VLAN or Eth interface such as vlan2 or eth0. The interface
can be a logical interface such as vlan2-1 or eth0-1
Description This command modifies a session monitor.
Note that modifying the monitor does not reset its counters.
The monitor parameter specifies the identification number for the monitor.
The ip parameter specifies the IP address of the monitored device. The firewall
monitors any firewall sessions that have this IP address in any of the session
fields. These session fields display in output from the show firewall session
command, and are summarised in the following table.
Therefore, sessions are monitored whether the device:
sends the packets
receives the packets
initiates the session
responds to a session initiated by another device
The copyto parameter specifies the Eth interface or VLAN to which the firewall
sends the copies of monitored packets. Packets are sent as Layer 2 broadcasts to
this interface. You should connect a device directly to this interface that can
correctly capture the broadcast packets, such as a PC running packet capturing
software. In particular, the device should not forward or reply to the packets.
Duplicated packets use the router or switch’s MAC address as their source
MAC address, and have a broadcast destination MAC address (ff:ff:ff:ff:ff:ff).
IP field name in session Meaning
IP The source address of outbound packets and the
destination address of inbound packets in this session, as
seen on the private side of the firewall.
Remote IP The destination address of outbound packets and the
source address of inbound packets in this session, as seen
on the private side of the firewall.
Gbl IP The source address of outbound packets and the
destination address of inbound packets in this session, as
seen on the public side of the firewall. If NAT is not
configured, this is the same as IP.
Gbl Remote IP The destination address of outbound packets and the
source address of inbound packets in this session, as seen
on the public side of the firewall. If NAT is not configured,
this is the same as Remote IP.